An infographic comparing insecure direct remote access to a PLC versus secure remote PLC access through an industrial IoT gateway and a VPN.

How to Get Secure Remote PLC Access with an IoT Gateway & RCMS

Written by: Jens Zhou


Author: Jens Zhou, Technical Support Engineer at Robustel

Jens Zhou is a Technical Support Engineer at Robustel, specializing in industrial IoT and edge gateway applications. He is experienced with the configuration and deployment of EG series devices, and well-versed in network communication, industrial protocols, and common wireless technologies. He is dedicated to providing practical tutorials to help engineers efficiently build smart systems.

Summary

In modern industrial automation, secure remote PLC access is no longer a luxury; it is a necessity for efficient troubleshooting, programming, and maintenance. But how do you provide it without exposing your critical OT network to the internet?

This guide provides a step-by-step tutorial on how to achieve this using the Robustel EG5120 industrial gateway and the Robustel Cloud Manager Service (RCMS). 

We'll walk through the entire process, from device setup to creating a secure VPN tunnel, enabling you to connect to your Siemens PLC from anywhere in the world as if you were right there on the factory floor.

The Remote Access Dilemma: Why You Need Secure Remote PLC Access

I've spoken with countless automation engineers who share the same frustration. A machine on the factory floor stops working at 2 AM, and the PLC programmer has to drive an hour to the site and plug in a laptop just to diagnose what might be a simple software issue. It's inefficient, costly, and incredibly stressful.

The obvious solution is remote access, but that opens a whole new can of worms. How do you provide access without punching dangerous holes in your firewall or exposing your sensitive OT network to the public internet? The answer isn't to use risky port forwarding or insecure desktop sharing software. The professional solution is to use a purpose-built Industrial IoT Edge Gateway to create a secure, encrypted tunnel directly to your PLC. This guide will show you exactly how.

The Solution: A Secure VPN Tunnel via RCMS (RobustVPN)

The core of this solution is to never expose your PLC directly to the internet. Instead, we use the Robustel EG5120 as a secure "gatekeeper" on the local network. We then use the Robustel Cloud Manager Service (RCMS) to create an on-demand, encrypted VPN tunnel from our engineering laptop directly to the EG5120. Because the PLC is on the same local network as the gateway, we can then access it as if we were plugged in right beside it.

This architecture has three key advantages:

  • Unmatched Security: Your PLC remains completely invisible to the public internet. All communication is protected within an encrypted VPN tunnel.

  • Simplified Deployment: No complex firewall configurations or public IP addresses are needed. The gateway makes an outbound connection to the cloud, which is easy to manage.

  • Scalability: This same method can be used to manage hundreds of PLCs across different sites from a single, centralized platform.

Prerequisites / What You'll Need

Before you begin, let's get everything ready.

  • Hardware List:

    • 1 x Robustel EG5120 Industrial IoT Edge Gateway

    • 1 x PLC device (we'll use a Siemens S7-200 Smart as our example)

    • An active internet connection for the EG5120 (via Ethernet or a 4G SIM card)

    • A Windows PC with Siemens programming software installed

  • Software/Accounts:

  • Knowledge Needed:

    • Basic familiarity with your PLC's IP address and network settings.

A solution architecture diagram showing how RCMS VPN provides secure remote PLC access via a Robustel EG5120 gateway.


Step-by-Step Guide: How to Remotely Connect to a PLC

This guide will walk you through the entire process, from initial login to successfully connecting to your Siemens PLC with your engineering software.

Step 1: Create Your RCMS Account


  1. Visit the Robustel RCMS Portal and click Register Account. Follow the prompts to register using your Microsoft account.
  2. Confirm your registration via email and log in.

Step 2: Add the EG5120 to the RCMS Platform


  1. In RCMS, add your EG5120 by entering its SN and MAC address, which can be found on the device's label.

  2. Power on your EG5120 and ensure it has an internet connection.

  3. Access the EG5120's web interface (default IP: 192.168.0.1), navigate to the RCMS app, enable it, and ensure the status shows as "Connected." Meanwhile, the status in RCMS should show as "Registered".

Step 3: Local Network Configuration


  1. Connect the PLC to the EG5120's Ethernet port.

  2. Ensure that the EG5120 can ping the PLC's IP address on the local network.
  3. Insider Tip: If your PLC is on a different subnet than the gateway's LAN (e.g., PLC is 192.168.10.10 and gateway is 192.168.0.1), you have two choices: change the PLC's IP to be on the 192.168.0.x subnet, or simply add a second IP address (192.168.10.254, for example) to the gateway's LAN interface. The second option is often easier and avoids changing configurations on your OT equipment.
  4. Optional: Add SNAT rule. If the PLC does not use the EG5120's IP as its default gateway, you must add an SNAT rule. You can also add this rule even if you are unsure of the PLC's gateway IP configuration. The command is as follows:

iptables -t nat -A POSTROUTING -d 192.168.10.0/24 -j SNAT --to-source 192.168.10.254
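
The decision in items 3 and 4 of Step 3, worked through as an added Python example (not Robustel's code and not part of the original guide). The function name `plan_step3`, its parameters and the /24 prefix length for the PLC are assumptions for illustration, and it assumes VPN client addresses lie outside the PLC's subnet; the rule it emits has the same form as the SNAT command above.

```python
import ipaddress


def plan_step3(plc_ip, prefix_len, plc_default_gw, gateway_lan_ips, spare_ip=None):
    """Return the Step 3 actions one PLC needs (hypothetical helper).

    plc_default_gw: the PLC's configured gateway, or None if unknown/empty.
    spare_ip: a free address in the PLC subnet to add to the gateway's LAN.
    Assumes VPN client addresses are outside the PLC subnet.
    """
    plc = ipaddress.ip_address(plc_ip)
    plc_net = ipaddress.ip_interface(f"{plc_ip}/{prefix_len}").network
    on_link = [ipaddress.ip_address(a) for a in gateway_lan_ips
               if ipaddress.ip_address(a) in plc_net]
    plan = {"plc_subnet": str(plc_net), "add_lan_ip": None, "snat_rule": None}

    if not on_link:
        # Item 3: the gateway has no address in the PLC subnet, so give its
        # LAN interface a second one instead of re-addressing the PLC.
        if spare_ip is None:
            raise ValueError("gateway is off-subnet and no spare IP was given")
        spare = ipaddress.ip_address(spare_ip)
        reserved = (plc, plc_net.network_address, plc_net.broadcast_address)
        if spare not in plc_net or spare in reserved:
            raise ValueError(f"{spare} is not a usable address in {plc_net}")
        plan["add_lan_ip"] = f"{spare}/{plc_net.prefixlen}"
        on_link = [spare]

    # Item 4: replies to an off-subnet VPN client go to the PLC's default
    # gateway. If that is not the EG5120 they never re-enter the tunnel, so
    # SNAT makes each request appear to come from the gateway's on-link IP.
    gw = ipaddress.ip_address(plc_default_gw) if plc_default_gw else None
    if gw not in on_link:
        plan["snat_rule"] = (
            f"iptables -t nat -A POSTROUTING -d {plc_net} "
            f"-j SNAT --to-source {on_link[0]}"
        )
    return plan


if __name__ == "__main__":
    # Values from the guide: PLC 192.168.10.10, gateway LAN 192.168.0.1,
    # second LAN address 192.168.10.254; PLC gateway setting unknown.
    print(plan_step3("192.168.10.10", 24, None, ["192.168.0.1"], "192.168.10.254"))
```

Because the rule matches on destination only, every session the gateway forwards into 192.168.10.0/24 reaches the PLC with source 192.168.10.254, so attribution of who connected has to come from the VPN side rather than from the PLC's view of the connection.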


Step 4: Set Up the VPN Group in RCMS


  1. In RCMS, navigate to the VPN section and create a new VPN group. Add your EG5120 to this group.

  2. Verify that the VPN status shows Green.
  3. In the group's settings, add the local IP address of your PLC (e.g., 192.168.10.10) to the End Device list. This tells RCMS which device you want to access behind the gateway.

Step 5: Connect to the VPN and Access the PLC


  1. Download and install the RCMS Client on your Windows PC from the RCMS platform.
  2. Log in to the client with your RCMS credentials and click Connect on the VPN group you created. Your PC is now securely connected to the gateway's remote network.

  3. Open your Siemens software, and instead of searching for a local PLC, simply enter the PLC's IP address (192.168.10.10).
  4. You can now connect, upload/download programs, and troubleshoot the PLC as if you were plugged directly into it on-site.

A screenshot of Siemens software successfully establishing a remote connection to a PLC using its IP address over the RCMS VPN.

Conclusion

You've now successfully set up a system for secure remote PLC access using the EG5120 and RCMS. This method—creating a secure, on-demand VPN tunnel directly to the on-site gateway—is the professional standard for remote industrial maintenance. It eliminates the immense security risks of exposing your OT equipment to the internet while providing the flexibility and efficiency of remote operations. This is a game-changing capability for any modern industrial enterprise.


Frequently Asked Questions (FAQ)

Q1: Is this method for secure remote PLC access safe?

A1: Yes, it is highly secure. The PLC's IP address is never exposed to the public internet. All communication between your engineering PC and the remote site is fully encrypted within the RCMS VPN tunnel, which is based on industry-standard protocols.

Q2: What if my PLC doesn't have an Ethernet port?

A2: This is a common challenge. For PLCs with only a serial port (RS232/RS485), you can use the EG5120's serial ports and its "Transparent TCP/UDP" functionality. This creates a virtual serial port on your PC that tunnels the serial data through the secure VPN, allowing your software to connect as if it were a direct serial cable.

Q3: Is RCMS free to use for this purpose?

A3: Check the latest RCMS plans for details.