VPN Router MRX3-LAN

Modular VPN router suitable for every application

Full-modular in widths 3 and 5, variants for LAN, LTE and DSL
Flexible expandability through plug-in cards
Universal WAN technologies (LTE/DSL/LAN/fiber - also combined as failover)
Extensive routing functions
IT security at KRITIS level
IoT-ready
Quick start for DELTA LOGIC Connectivity Service

€650.00*

Prices excl. VAT plus shipping costs

Housing width

MRX3

MRX5

Connection

LAN

DSL-A

DSL-B

LTE

LTE worldwide

Product number: MRX3-LAN

Fully modular industrial router for optimal coupling of your networks.

The MRX series enables you to make targeted use of the latest technology, ideal for your specific application. Thanks to the fully modular design, you can flexibly equip your MRX for your requirements and adapt it to new challenges at any time. In addition to the perfectly optimized computing power, you thus also benefit from the best possible price/performance ratio and an above-average service life.

Wide range of applications

Based on its modular concept, you can equip your MRX with exactly the functions you need for your infrastructure. Two housing widths, various basic versions and a range of additional modules, so-called MRXcards, are available for this purpose. Thanks to these diverse options, you are highly flexible both in terms of acquisition and in terms of any adaptations that may be required at a later date.

The integrated firewall and VPN functionality also allow secure remote maintenance of your end devices.

The two housing widths

Two housing widths are available for the MRX series

MRX3: Here you have 3 slots at your disposal, two of which are defined by the selected base variant. In the third slot you can insert any other module (MRXcard)
MRX5: Here you have 5 slots at your disposal, two of which are defined by the respective selected basic variant. Any other modules (MRXcard) can be inserted into the other three slots.

The three basic variants

The MRX series is available in three basic variants, each with different basic equipment.

The basic variant MRX-LAN consists of an Ethernet module with five LAN ports, as well as a power module for power supply and with 2 digital inputs. The five LAN ports can be divided into up to five IP networks.
The basic variant MRX-LTE consists of an Ethernet module with five LAN ports, as well as a LTE module with integrated power supply and 2 digital inputs. The five LAN ports can be divided into up to five IP networks. The world variant supports a greater variety of cellular frequencies.
The basic variant MRX-DSL consists of an Ethernet module with five LAN ports, as well as a DSL module with integrated power supply and 2 digital inputs. The five LAN ports can be divided into up to five IP networks. MRX-DSL is available for DSL-Annex A and for DSL-Annex B.

Note: ADSL connections in Germany are usually operated in the Annex B variant. You can obtain precise information on the Vairante used (Annex A or Annex B) from your provider of the connection. This applies especially to connections outside Germany.

Various expansion options

If the possibilities of the respective basic modules are not sufficient for you, you can extend your MRX at any time by different further modules, so-called MRXcards. More detailed information about the available modules can be found in the category Apps & Acessories.

Convincing and versatile

To ensure that a secure VPN connection can be used effectively, we offer you a convenient VPN portal. With the DELTA LOGIC Connectivity Service, you can create VPNs of any complexity and access the end devices via direct routing.

You don't want to set up your router for our DELTA LOGIC Connectivity Service yourself? No problem. We will be happy to pre-configure your new router for you. Simply send us the completed router configuration form with your order.

Technical highlights

Segmentation into several local IP networks
Multiple VPN tunnels can be used in parallel
Firewall in the tunnel (e.g. demarcation of remote accesses)
Flexible administration with profile manager
Access management via user roles
Advanced event-based control (e.g. profiles, connections, redundancy)
High performance for broadband networks and high VPN data rate
Made in Germany

Mobile communikation (MRX LTE and world only)
Frequency bands	4G/LTE: 800, 900, 1.800, 2.100, 2.600 MHz; LTE Cat. 3 (DL: max. 100 Mbps, UL: max. 50 Mbps) 3G/UMTS/HSPA: 900, 1.800, 2.100 MHz; UMTS, HSPA+ (DL Cat. 24, UL Cat. 6) 2G/GPRS/EDGE: 900, 1.800 MHz; GPRS/EDGE Class 12
Antenna connection	2x SMA female (2G/3G/4G: Main, 3G: Rx Diversity, LTE: MIMO)
SIM	Slot for 1 Mini-SIM card (2FF), locked
Wire-bound VDSL/ADSL communication (MRX DSL only)
DSL standards	MRX DSL-A (Annex A): VDSL2 G.993.2 Profile 8a, 8b, 8c, 8d, 12a, 12b, 17a. 30a, VDSL2 Vectoring G.993.5 ADSL/ADSL2/ADSL2+ G.992.1 Annex A, G.992.3. Annex A/L/M, G.992.5 Annex A und M, T1.413 MRX DSL-B (Annex B): VDSL2 G.993.2 Profile 8a, 8b, 8c, 8d, 12a, 12b, 17a. 30a, VDSL2 Vectoring G.993.5 ADSL/ADSL2/ADSL2+ G.992.1 Annex B, G.992.3. Annex B, G.992.5 Annex B und J
DSL connection	RJ45 connector
Router
Function	Up to 5 IP local networks (LAN) or as WAN with both, DHCPv4 and DHCPv6 clients, with static IP addresses, VLAN incl. tags and trunk ports; SLAAC, router advertiser, own DHCPv4 and DHCPv6 server per IP network; static routing, configurable routing priority; dynamic routing OSPF, BGP, RIP, RIPv2, RIPng; net filters: D-NAT, S-NAT, IP/port forwarding, netmapping, DNS relay, dynDNS support; PPPoE for external DSL modem, PPPoA (only MRX DSL); Dual APN: cellular traffic division across 2 APNs - e.g. for separating payload and management data
Security	OpenVPN (client and server), IP filters (stateful firewall) also in VPN tunnel, several VPN tunnels in parallel possible, IPsec, GRE (incl. multi-port), DMVPN, PPTP server
Redundancy	WAN chains: several WAN accesses configurable (prioritised and event-controlled), WAN groups: parallel operation of WAN interfaces or VPNs, several OpenVPN servers, additional redundancy via further MRcards; provider redundancy when using a multi roaming SIM card (see chapter “suitable accessories”)
Ethernet switch, interfaces
Ports	5 x RJ45, 10/100 MBit/s, Full/half duplex, Auto MDI-X, 1.5 kV isolation voltage
Function	Each port can be freely assigned to the IP networks, Link up/down detection, configuration port
Inputs	In basic variants: 2 digital inputs, monitorable status, 1x low active, connection to GND, 1x high active, connection to 10 ... 24 V DC, as per EN 61131-2, type 1
Events (selection)	Change: input, Ethernet port, WAN chain, profile, supply input, cellular field strength; timer expiry, firewall violation, login attempt detection, pulse sequence at digital input, counter
Event-controlled actions (selection)	E-mail messages, SMS, SNMP traps, MCIP, start timer, profile switching, connection switching, reset, log out/turn off modem, activate firmware, pulse sequence
Operation
Wizards	Configuration of connection incl. VPN, adding LAN networks, quick start of icom Connectivity Suite – VPN
Help	Web interface with inline help texts, online help, FAQ, exemplary profiles, plausibility check
Configuration	Web interface local and remote (http, https; with session management), Command line interface (CLI), Telnet, SSH, ASCII and binary file (also for backup), configuration management with switchable profiles (event-controlled)
Indications (LED)	Power, WAN (Internet connection), Info (configurable), Signal (with cellular radio), DSL (with DSL)
Authentication	Several users, different user roles and rights, RADIUS
Diagnosis	Comprehensive log files, support package, integrated help functions,Diagnosis tools: ping, tcpdump, traceroute, DNS lookup, AT commands
Firmware updates	Incremental, fail-safe, automated via update server (http, ftp, https, ftps)
Edge Computing
icom SmartBox	Linux programming environment: creation of LXC containers for programs and scripts (apps), ARMv7 CPU, 448 MB RAM, 7 GB flash memory
Additional features	NTP client and server, buffered real-time clock
Supply
Voltage	12 ... 24 V DC (± 20%), 2 supply connections with changeover detection
Terminals	5-pin push-in terminal connectors (maintenance free), rigid/flexible conductors up to 2.5 mm2
Leistungsaufnahme Basisvarianten ohne weitere MRcards	MRX DSL: typical approx. 6.5 W, max. 8.0 W MRX LAN: typical approx. 2.0 W, max. 3.5 W (depending on data throughput amongst others) MRX LTE: typical approx. 2.5 W, max. 8.0 W
Ambient conditions
Dimensions (WxDxH)	MRX3: 82 x 88 x 117 mm MRX5: 136 x 88 x 117 mm
Operating temperature MRX LAN, MRX LTE	-30...+75 °C, -30...+75 °C Range +70...+75 °C: under restricted conditions (refer to www.insys-icom.de/restricted)
Operating temperature MRX DSL	0...+60 °C Ranges -25 ... 0°C and 55°C .... 60°C under restricted conditions (refer to: www.insys-icom.com/restricted) Note: range 55°C ... 60°C only without further MRcards PD or PL
Humidity	0 ... 95% (non-condensing)
Mounting / protection class	DIN rail mounting / housing: IP40
Approvals & Standards
Certifications	CE, MRX LAN additionally: FCC Part 15 Class B, IC
EMC	Emission: EN 55032 Class B; Immunity: EN 61000-6-2, EN 55024
Safety	IEC/EN 60950, 62368
Environmental conditions	Vibration/shock as per PLC standard EN 61131-2 and EN 60068-2-6, EN 60068-2-27; Temperature tests as per EN 60068-2-1, EN 60068-2-2, EN 60068-2-14, EN 60068-30

Data sheet MRX
Data_sheet_MRX.pdf	3.08 MB	February 20, 2024
Manual MRX
Manual_MRX.pdf	2.90 MB	February 22, 2024
Quick Installation Guide Router English
QIG_Router_en.pdf	1.46 MB	December 12, 2023
DELTA LOGIC Connectivity Service First Steps
DLCS_First_Steps.pdf	122 KB	January 08, 2024

I cannot connect to my Siemens HMI panel (KTP1500 Comfort, KTP600 Basic,... ) via VPN in the TIA Portal. Why?

1. With HMI panels only "Advanced online loading" can be used in the TIA Portal, "Advanced online connect" is basically not possible.
2. "PG/PC interface" TAP-Windows Adapter..." must be selected as interface.
3. With some HMI panels (KTP600 Basic) the "PN/IE interface" cannot be used, in these cases the "Ethernet interface" has to be used.
4. For some HMI panels (e.g. TP700 Comfort), the "Display all compatible stations" option must not be active.