Did anybody succeed in connecting to an OPC Server via a firewall, such as the Cisco ASA5500 Series Firewalls, implementing NAT and routing between the PI Interface and the OPC Server? Please share your story if you have faced this before. Thanks a lot.
With OPC "classic" this is not possible (because it is based on DCOM). Therefore OPC tunnel products were made by several OPC vendors (e.g. Matrikon or Softing). With this software the OPC protocol is wrapped into standard IP traffic so you can communicate over firewalls.
I personally don't like the idea of abusing protocols in that way, but sometimes it must be. I have an older system where tunnellers are implemented even if there is no communication over a single firewall. And there are problems with the communication.
If you have no other choice you can try to install a tunneller. My favorite solution would be to place an interface node behind the firewall (sending PI traffic over firewalls is much easier than sending DCOM traffic). This would allow you to keep collecting data (buffering) if there is maintenance on the firewall.
DCOM and NAT are known to be incompatible.
IPsec tunneling is a standard Windows feature. It's gotten much easier to enable using Windows Firewall Connection Security Rules. The wizard has a pick to enable NAT traversal. See below for the low level command line to tune IPsec for NAT (must set at both ends of the tunnel).
netsh advfirewall set global ipsec ipsecthroughnat serverandclientbehindnat
Regardless, OPC DA was never intended to cross a firewall. The recommended security barrier is between the PI Interface and the PI Server. We also find PI OPCINT on the same machine as the OPC Server is the most reliable for your data.
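The IPsec setup described in the reply above, written out as an added example that is not part of the original thread: it applies the quoted netsh setting, checks that the active policy accepted it, and creates a connection security rule toward the peer. The peer address, the rule name and the `-Enforce` switch are assumptions made for illustration, as is the use of the default IPsec authentication (computer Kerberos, so both machines in the same domain).

```powershell
#Requires -RunAsAdministrator
# Added example. Run on BOTH machines (PI Interface node and OPC Server node),
# each pointing $PeerAddress at the other end as it sees it.
# Assumed values: $PeerAddress is a documentation-range placeholder and
# $RuleName is made up. Assumption: default IPsec authentication (computer
# Kerberos) works between the hosts; otherwise configure an auth set first.
param(
    [string]$PeerAddress = '192.0.2.10',
    [string]$RuleName    = 'OPC-peer-IPsec',
    [switch]$Enforce     # start without it (Request), add it once SAs appear
)

# 1. NAT traversal, using the command quoted in the thread.
netsh advfirewall set global ipsec ipsecthroughnat serverandclientbehindnat | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'netsh failed to set ipsecthroughnat' }

# 2. Confirm the active policy took the setting (Group Policy can override
#    what was just written to the local store).
$nat = (Get-NetFirewallSetting -PolicyStore ActiveStore).AllowIPsecThroughNAT
if ("$nat" -ne 'Both') {
    Write-Warning "AllowIPsecThroughNAT is '$nat', expected 'Both'"
}

# 3. Connection security rule toward the peer. Request mode still allows
#    cleartext, so a mistake here does not cut the machine off remotely.
$mode = if ($Enforce) { 'Require' } else { 'Request' }
Get-NetIPsecRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetIPsecRule
New-NetIPsecRule -DisplayName $RuleName -RemoteAddress $PeerAddress `
    -InboundSecurity $mode -OutboundSecurity $mode | Out-Null

# 4. Generate traffic to the peer (TCP 135 is the RPC endpoint mapper that
#    DCOM uses), then list the negotiated security associations. No output
#    from the two Get- cmdlets means the traffic is not protected by IPsec.
Test-NetConnection -ComputerName $PeerAddress -Port 135 | Out-Null
Get-NetIPsecMainModeSA
Get-NetIPsecQuickModeSA
```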