Professional Documents
Culture Documents
MOXA Industrial Secure Router Installation Guide
MOXA Industrial Secure Router Installation Guide
August 2014
Page Revision
Initial issue August-2014
ii
MOXA Industrial Secure Router Installation Guide
D301766X012 August 2014
Overview
The MOXA® EtherDevice Router (model EDR-810-VPN) provides an Ethernet-based
industrially secure 1GB communications pathway. This guide details the tasks required to
configure a secure communications “tunnel” between two EDR-810 routers (see Figure 1)
to prevent replay attacks and denial of service (DoS) attacks.
Security is achieved by selecting the SHA-256 hash algorithm and AES-256 encryption
algorithm for each EDR and then linking the EDRs with a user-defined pre-shared key for
authentication.
Note
During the configuration process, you attach a PC to EDR1 and then to EDR2. After
successfully configuring EDR2, you remove that PC.
This guide provides only installation and configuration information, and is intended for
use by personnel familiar with managing network IP information. For technical
specifications or advanced installation options, refer to the MOXA website
(www.moxa.com) or the EDR-810 User’s Manual (provided on the CD that accompanies the
MOXA unit)
1
MOXA Industrial Secure Router Installation Guide
August 2014 D301766X012
Configuration
Note
Ensure that the two MOXA EDR-810 routers have the same firmware level (3.3 or higher).
Otherwise you may encounter difficulties in the configuration process.
To configure the MOXA EDRs, you connect a PC to each EDR and perform a series of
specific tasks (see Figure 2) described in the following sections. These tasks set IP
addresses and various internal settings. Completely configure the first EDR before
proceeding to the second. The configuration tasks are similar, but not identical. Once you
have configured both EDRs, you then connect the EDRs with an Ethernet cable and test
(“ping”) communications between the two EDRs:
2
MOXA Industrial Secure Router Installation Guide
D301766X012 August 2014
Note
All MOXA routers have a factory-set default IP address of 192.168.127.254.
6. In the This connection uses the following items area, select Internet Protocol Version
4 (TCP/IPv4) and then click Properties. The Internet Protocol version 4 (TCP/IPv4)
Properties dialog displays (Figure 4), showing the General tab.
3
MOXA Industrial Secure Router Installation Guide
August 2014 D301766X012
Define passwords to ensure that only authorized personnel can access your MOXA
routers. As delivered from the factory, MOXA routers use moxa as the default password
for both the admin and user accounts. Change the default password for both accounts.
1. Open the browser on the PC and enter the URL https://192.168.127.254. The MOXA
Secure Router sign-in page displays.
Note
IE may display a caution about this website’s security certificate. Select Continue to
this website (not recommended) to continue.
4
MOXA Industrial Secure Router Installation Guide
D301766X012 August 2014
2. Sign in using admin as the username and moxa as the password (these values are
case-sensitive). Click Login. The MOXA EDR-810 VPN Industrial Secure Router
webpage displays. Select options from the menu on the left side of the page.
3. Select System > User Account from the MOXA menu. The User Account webpage
displays.
5
MOXA Industrial Secure Router Installation Guide
August 2014 D301766X012
Note
This message displays whenever you successfully modify a setting.
7. The webserver automatically logs you out. Log back in using your new password.
8. Select System > User Account from the MOXA menu. The User Account webpage
displays.
9. Click the user label to select the User Authority (see Figure 6). The webserver
highlights the selection.
10. Repeat steps 4 through 6, assigning a different password to the User Authority,
depending on your organization’s requirements.
6
MOXA Industrial Secure Router Installation Guide
D301766X012 August 2014
Note
The webserver does not automatically log you out when you change the password for
the User user name.
3. Click Next Step. (Note that the headings at the top of the webpage change.) The LAN
IP Configuration webpage displays.
4. Change EDR1’s LAN IP configuration address to 192.168.128.254.
5. Click Next Step to display the WAN Configuration webpage
6. Change the Connect Type to Static IP and provide the follow IP address information:
a. Set the IP Address to 61.20.223.253.
b. Set the Subnet mask to 255.255.255.0.
c. Set the Gateway to 0.0.0.0.
7. Click Next Step and then click Apply.
8. Close the MOXA webpage.
7
MOXA Industrial Secure Router Installation Guide
August 2014 D301766X012
8
MOXA Industrial Secure Router Installation Guide
D301766X012 August 2014
4. Select Enable and select N-1 as the NAT Mode. Verify that the LAN IP Range is
192.168.128.1 to 192.168.128.252 (you may need to change this value from 254).
5. Click Modify and then Apply.
9
MOXA Industrial Secure Router Installation Guide
August 2014 D301766X012
10
MOXA Industrial Secure Router Installation Guide
D301766X012 August 2014
11
MOXA Industrial Secure Router Installation Guide
August 2014 D301766X012
12
MOXA Industrial Secure Router Installation Guide
D301766X012 August 2014
Note
Under no circumstances use 12345678 as shown in Figure 9; that value is only an
example. Determine your own numeric value for this field.
In the Key Exchange (Phase 1) field, select AES-256 as Encryption Algorithm and
SHA256 as the Hash Algorithm.
In the Data Exchange (Phase 2) field, select SHA256 as the Hash Algorithm and
SHA256 as the Hash Algorithm.
3. Click Add. The IPSec Connection table at the bottom of the screen redisplays,
showing the new IPSec connection (see Figure 12).
4. Click Apply.
5. Close the website.
Note
If you minimized the Network and Sharing Center screen in Section 4, maximize it
and move to step 4.
3. Select Network and Internet and View network status and tasks.
4. In the View your active networks area, select Local Area Connection. The Local Area
Connection Status dialog displays.
5. Click Properties. The Local Area Connection Properties dialog displays.
6. In the This connection uses the following items area, select Internet Protocol Version
4 (TCP/IPv4) and then click Properties. The Internet Protocol version 4 (TCP/IPv4)
Properties dialog displays (Figure 4), showing the General tab.
7. Set the TCP/IPv4 IP address:
a. Click Use the following IP address.
b. Complete the IP address with 192.168.127.1.
c. Complete the Subnet mask with 255.255.255.0.
d. Complete the Default gateway with 192.168.127.254.
Note
Complete the default gateway value as shown.
13
MOXA Industrial Secure Router Installation Guide
August 2014 D301766X012
2. Sign in using admin as the username and moxa as the password (these values are
case-sensitive). Click Login.
3. Select System > User Account from the MOXA menu. The User Account webpage
displays.
4. Complete the Old Password field with moxa.
5. Complete the New Password and Confirm Password fields with a password
meaningful to your organization.
6. Click Apply. The confirmation message “All new settings are now active” displays.
7. The webserver immediately logs you out. Log back in using your new password.
8. Select System > User Account from the MOXA menu. The User Account webpage
displays.
9. Click the user label to select the User Authority. The webserver highlights the
selection.
10. Repeat steps 4 through 6, assigning a different password to the User Authority,
depending on your organization’s requirements.
Set the Authentication Code as a Pre-shared Key with an 8-digit random value.
This 8-digit value must be the same value you defined for EDR1 in Section 8.
Note
Under no circumstances use 12345678 as shown in Figure 9; that value is only an
example. Determine your own numeric value for this field.
In the Key Exchange (Phase 1) field, set AES-256 as the Encryption Algorithm and
SHA256 as the Hash Algorithm.
In the Data Exchange (Phase 2) field, set AES-256 as the Encryption Algorithm
and SHA256 as the Hash Algorithm
3. Click Add. The IPSec Connection table at the bottom of the screen redisplays,
showing the new IPSec connection.
4. Click Apply.
15
MOXA Industrial Secure Router Installation Guide
August 2014 D301766X012
This test verifies that the EDR1 and EDR2 are communicating successfully.
16