Specifications
12 / 80
• Table 2: Scenario 1, example IP addresses
7.2. Scenario 2, M2M GW behind the company firewall
Again, only one public IP address is needed in this scenario, for company firewall/router. The M2M
GW is behind the firewall in a de-militarized zone (DMZ). Since the M2M GW has now a private IP
address, there must be a way for connecting to it from Internet.
The connection from Internet to M2M GW is implemented with D-NAT and port forwarding, (see
page 71, chapter 17.8, Network address translation for more details). Again, here the Arctics are
using the cellular operator’s public access point for connecting to the Internet.
Example network plan:
• Figure 7: Scenario 2, M2M GW behind the company firewall
Entity Network IP address Netmask
M2M LAN 192.168.0.0 255.255.255.0
M2M LAN IP (Eth1) 192.168.0.1 255.255.255.0
SCADA computer 192.168.0.2 255.255.255.0
VPN peer addresses
M2M: 172.16.0.3
Arctic: 172.16.0.4
Point-to-point
DMZ LAN 192.168.1.0 255.255.255.0
M2M DMZ LAN IP (eth0) 192.168.1.2 255.255.255.0
FW/Router DMZ LAN IP 192.168.1.1 255.255.255.0
FW/Router public IP Public, not shown N/A
Arctic LAN 10.10.11.0 255.255.255.0
Arctic LAN IP 10.10.11.1 255.255.255.0
Ethernet device 10.10.11.2 255.255.255.0
Arctic GPRS IP Dynamic, not shown N/A
• Table 3: Scenario 2, example IP addresses
7.3. Arctics with operator’s private cellular access point
In some solutions it is decided to use the operator’s private access point in cellular network. This
will always need a special contract with cellular operator. Using the private access point has a
benefit in form of fixed IP addresses for each SIM card, but they’re also more expensive solution.
The M2M GW is not necessarily needed in this scenario, as the cellular network is able to provide
static IP addressing. However, the following scenario is possible to implement with M2M GW. The
added value is two-fold; the private access point increases security and M2M GW provides easy
and proven methods and tools for controlling the VPN tunnels and Arctic devices.