RNRP through VPN firewall
one of my customer requirement is to implement firewall in our control metwork.
i am doing an internal testing to implement firewll which support VPN tunneling,
since it is a layer 3 firwall,it require different subnet.so i configured network area 20 in connectyvity server side
and network area 21 AC800m controller side.
172.16.80.154 connectyvity server primary ip
172.17.80.154 connectyvity server secondary ip
172.16.84.152 CN1 Controller IP
172.17.84.152 CN2 Controller IP
primary control network i have two firewalls whcih configured routing with VPN .
secondary control netwok i have two firewalls which configured routing with VPN.
now i can ping to contoller CN1 and i can download the programm,read the data through VPN.
the issue is contoller IPin not listing in RNRP and scondary controlnetwork is not working properly.
is anyone have similar setup and suggestions to implement firewall in control network.
pleasefind the attached file for more info
Voted best answer
RNRP is a layer 2 protocol and will thus not be forwarded by a regular router.
The RNRP multicast telegrams emitted by all nodes must also reach all nodes, a router will prevent this unless it can forward IP multicast.
No such tests (routing of IP multicast) have been made with RNRP so I advise against this unless you have received a written statement from some ABB authority. Your regional ABB support center should be able to assist you with such a request.
Another option is RNRP tunneling where two RNRP Border Area nodes can join two different RNRP areas via using a RNRP Tunneling Area.
In the image of a RNRP Monitor window below, the AC 800M CPU with IP address 172.16.84.152 (area 21) can communicate with the other AC 800M CPU with IP address 172.16.88.152 (area 22) via the two ABB NE870 RNRP Routers marked with yellow and the RNRP Tunnel Area (area 32) marked with green.
The tunnel area can be a routed network (L3) and is NOT dependent on any RNRP multicast traffic to pass through.
The ABB NE87x RNRP Routers have L3 routing and firewall capability. It is strongly suggested to make use of this hardware, as it has been tested and approved by ABB.
The ABB RNRP service in Microsoft Windows can also act as RNRP Border Area node.