The icom Connectivity Suite – VPN is a service of INSYS icom for the simple and secure network connection of locations, plants, control centers and mobile devices via a Virtual Private Network (VPN). [1]

The individual VPN participants must be added as a device first. It will be differentiated between INSYS icom routers with icom OS, with INSYS OS and other third-party devices. These can be PCs, controls, cameras, other routers, etc. that support OpenVPN and referred to as PC in summary in the icom Connectivity Suite – VPN.

This Configuration Guide only applies to INSYS Smart Devices running icom OS. These include the router series MRX, MRO, ECR and SCR (plus possible later series).

Situation

You need to add an INSYS router with icom OS as a device in the icom Connectivity Suite – VPN.

Solution

It is prerequisite that you have Internet access. It is also prerequisite that you have an icom Connectivity Suite account. Refer to this Configuration Guide to find out how to register an account.

  1. Open the web interface of the icom Connectivity Suite using a browser:

  2. Select the Devices tab.

  3. Click on Add a device and enter the following information:

    • Device type: select icom OS router

    • Device name: enter a name that allows to distinguish the device clearly from other devices

    • Device serial: enter the serial number of the device printed on the label on the device or indicated in the web interface in the StatusDevice info menu

    • Device code: the device code is used for configuring the router using the startup wizard; if no device code is specified here, the default code will be used (configurable under the My VPN Hub tab) [2]

    • Licence: select the licence to be used

    • Default monitoring: check this if the availability of the device is to be monitored [3]

    • local IP: the router (and other local devices) will be accessible under this address; it will be assigned to the router using the router configuration

    • accessible through netmapping IP only: if this virtual netmapping address is entered, the router (and other local devices) will only be accessible under this address; it will be assigned to the router using the router configuration [4]

    • Net mask: enter the netmask for the IP address [5]

    • Group: assign the device to a group that combines devices with similar functions that share common communication rules [6]

    • additional routes not shown: check this to show the configuration of additional routes [7]

  4. Click on OK to save your settings.

  5. Commission your device using the Startup wizard as described in the Quick Installation Guide, select icom Connectivity Suite – VPN as _VPN connection and enter your Customer name and Device code. [8]

Troubleshooting

  • You can verify a successful connection when the state changes to online on the Devices tab of the icom Connectivity Suite – VPN.

  • Refer to the icom Connectivity Suite manual for more information.


1. A VPN is a communications environment in which access is controlled to permit peer connections only within a defined community of interest, and is constructed though some form of partitioning of a common underlying communications medium, where this underlying communications medium provides services to the network on a non-exclusive basis.
2. This code will also be used as password for accessing the router via a web proxy.
3. Refer to this Configuration Guide or the icom Connectivity Suite – VPN manual for more information about this functionality.
4. Additional networks at the router can be configured and made available through the VPN. Each network can be assigned to a group which results in individual access rights. The group rights for the first network apply to the access to the VPN address as well.
5. The Netmask determines the size of the network that is made known around the local IP address via routing. It can be entered in long form (255.255.255.0) or CIDR format (/24). If a netmask that differs from the standard (255.255.255.0) is entered, the DHCP server in the device will be disabled.
6. Groups can be added on the Groups tab. If no groups are entered yet, only the standard group is available.
7. The first configured IP address range is automatically assigned to IP net 2 of the router. If Additional routes are activated, individual IP address ranges and IP nets can be assigned to the Ethernet ports. Only one IP address range per IP net is allowed. If more Ethernet ports belong to the same IP net, the same IP address ranges applies and the input fields must be empty.
8. The Customer name is also shown in the My VPN Hub tab. See footnote above for the Device code.