When all the on-site PLCs use the same static IP, how can secure subnet mapping achieve accurate maintenance and reliable PLC remote access?
|
|
Time to read 5 min
|
|
Time to read 5 min
Machine builders often standardize their products by using the exact same static IP address for the PLC in every machine, which creates a significant challenge for PLC remote access. When multiple machines with duplicate IPs are in the field, a traditional VPN cannot distinguish between them.
RobustVPN's subnet mapping feature solves this by assigning a unique virtual subnet to each machine's router within the RCMS platform. This allows engineers to connect to a specific PLC using a unique virtual IP address, which RobustVPN then translates to the correct on-site static IP.
This enables precise, error-free remote troubleshooting and programming while preserving the massive efficiency benefits of IP standardization in production.
In my conversations with machine builders, one topic comes up constantly: the power of standardization. To build machines efficiently and at scale, you create a master design—a template. The electrical drawings are identical, the cabinet layout is the same, and, crucially, the PLC is flashed with the exact same program and the exact same static IP address (say, 192.168.10.50) every single time. This is a brilliant manufacturing strategy.
But this production dream becomes a post-sales nightmare. You have 50 machines in the field at 30 different customer sites, and every single PLC has the IP address 192.168.10.50. A customer calls with an issue. You establish a VPN connection, but now what? How do you tell the network which specific machine you want to talk to? It's like trying to mail a letter to a country where every house has the same street address. Let's be clear: this "duplicate IP" problem has been a major barrier to efficient PLC remote access for years.
The very practice that makes you efficient in the factory—using a single, unchanging PLC configuration—cripples your ability to provide remote support. A standard VPN can get you onto the remote network, but it can't solve the fundamental problem of IP address conflicts.
This leaves you with two terrible options:
Neither of these is a good choice. You need a third option that allows you to keep your standardized production methods while enabling precise and efficient PLC remote accesss.
This is where a purpose-built industrial VPN platform shows its value. RobustVPN, a core feature of our RCMS cloud, has a powerful function designed specifically for this problem: Subnet Mapping.
Instead of trying to change the PLC's "real" IP, we create a unique "virtual" IP for it that only exists within the VPN.
The process is managed centrally in RCMS and is remarkably straightforward:
10.10.1.0/24.10.10.2.0/24.10.10.157.0/24.10.10.157.50.The RobustVPN platform acts as an intelligent traffic director. It sees the request for 10.10.157.50, knows that this address belongs to Machine #157's router, and forwards the traffic through the secure tunnel to that specific router. The router then translates the request to the PLC's real IP address, 192.168.10.50. The PLC responds, and the process happens in reverse.
To the engineer, it feels like they are on a massive, perfectly organized network where every machine has a unique, logical address.
This subnet mapping feature is the key that unlocks a hyper-efficient remote service model.
remote PLC maintenance is as simple as adding its router to RCMS and assigning the next virtual subnet. The system is built to handle tens of thousands of devices.This approach has been proven to help machine builders cut annual travel expenses by 80% and resolve 90% of service tickets remotely.
A: No. The entire process is managed through the intuitive, web-based RCMS platform. There are no complex command-line configurations required. You simply create a mapping rule that associates a router with a virtual subnet.
A: Yes. The feature maps the entire subnet. If your PLC is at 192.168.10.50 and an HMI is at 192.168.10.60, and you've mapped that machine to the virtual subnet 10.10.157.0/24, you would simply access the HMI at the virtual address 10.10.157.60.
A: No. This is a significant advantage of the RobustVPN platform. The router only needs a standard SIM card that can get any kind of public IP address from the carrier (it does not need to be static). Our cloud platform handles the rest, making the device accessible from anywhere without the high cost and complexity of fixed IP SIMs.