VPN Router MRX3-LAN

Modular VPN router suitable for every application

  • Full-modular in widths 3 and 5, variants for LAN, LTE and DSL
  • Flexible expandability through plug-in cards
  • Universal WAN technologies (LTE/DSL/LAN/fiber - also combined as failover)
  • Extensive routing functions
  • IT security at KRITIS level
  • IoT-ready
  • Quick start for DELTA LOGIC Connectivity Service

€650.00*

Housing width
Connection
Product number: MRX3-LAN

Fully modular industrial router for optimal coupling of your networks.

The MRX series enables you to make targeted use of the latest technology, ideal for your specific application. Thanks to the fully modular design, you can flexibly equip your MRX for your requirements and adapt it to new challenges at any time. In addition to the perfectly optimized computing power, you thus also benefit from the best possible price/performance ratio and an above-average service life. 

Wide range of applications

Based on its modular concept, you can equip your MRX with exactly the functions you need for your infrastructure. Two housing widths, various basic versions and a range of additional modules, so-called MRXcards, are available for this purpose. Thanks to these diverse options, you are highly flexible both in terms of acquisition and in terms of any adaptations that may be required at a later date.
The integrated firewall and VPN functionality also allow secure remote maintenance of your end devices.

The two housing widths

Two housing widths are available for the MRX series

  • MRX3: Here you have 3 slots at your disposal, two of which are defined by the selected base variant. In the third slot you can insert any other module (MRXcard)
  • MRX5: Here you have 5 slots at your disposal, two of which are defined by the respective selected basic variant. Any other modules (MRXcard) can be inserted into the other three slots.

The four basic variants

The MRX series is available in four basic variants, each with different basic equipment.

  • The basic variant MRX LAN consists of an Ethernet module with five LAN ports, as well as a power module for power supply and with 2 digital inputs. The five LAN ports can be divided into up to five IP networks.
  • The basic variant MRX LTE consists of an Ethernet module with five LAN ports, as well as a LTE module with integrated power supply and 2 digital inputs. The five LAN ports can be divided into up to five IP networks. The world variant supports a greater variety of cellular frequencies.
  • The basic variant MRX Fiber consists of an Ethernet module with five LAN ports, as well as a SFP/Fiber module with integrated power supply and 2 digital inputs. The five LAN ports can be divided into up to five IP networks.
  • The basic variant MRX DSL consists of an Ethernet module with five LAN ports, as well as a DSL module with integrated power supply and 2 digital inputs. The five LAN ports can be divided into up to five IP networks. MRX-DSL is available for DSL-Annex A and for DSL-Annex B.

Note: ADSL connections in Germany are usually operated in the Annex B variant. You can obtain precise information on the Vairante used (Annex A or Annex B) from your provider of the connection. This applies especially to connections outside Germany.

Various expansion options

If the possibilities of the respective basic modules are not sufficient for you, you can extend your MRX at any time by different further modules, so-called MRXcards. More detailed information about the available modules can be found in the category Apps & Acessories.

Convincing and versatile

To ensure that a secure VPN connection can be used effectively, we offer you a convenient VPN portal. With the DELTA LOGIC Connectivity Service, you can create VPNs of any complexity and access the end devices via direct routing.
You don't want to set up your router for our DELTA LOGIC Connectivity Service yourself? No problem. We will be happy to pre-configure your new router for you. Simply send us the completed router configuration form with your order.

Technical highlights

  • Segmentation into several local IP networks
  • Multiple VPN tunnels can be used in parallel
  • Firewall in the tunnel (e.g. demarcation of remote accesses)
  • Flexible administration with profile manager
  • Access management via user roles
  • Advanced event-based control (e.g. profiles, connections, redundancy)
  • High performance for broadband networks and high VPN data rate
  • Made in Germany
Cellular communication (MRX LTE)
Frequency bands, data rates (LTE world) 4G/LTE: 1 (2100 MHz), 2 (1900 MHz), 3 (1800 MHz), 4 (2100/1700 MHz, AWS), 5 (850 MHz), 7 (2600 MHz), 8 (900 MHz), 12 (700 MHz), 13 (700 MHz), 14 (700 MHz), 18 (850 MHz), 19 (850 MHz), 20 (800 MHz), 25 (1900 MHz), 26 (850 MHz), 28 (700 MHz), 38 (2600 MHz), 40 (2300 MHz), 41 (2500 MHz), 66 (2100 MHz), 71 (600 MHz)
LTE Cat 4 (DL: 150 Mbit/s, UL: 50 Mbit/s)
3G/UMTS/HSPA: 1 (2100 MHz), 2 (1900 MHz), 3 (1800 MHz), 4 (2100/1700 MHz AWS), 5 (850 MHz), 6 (800 MHz), 8 (900 MHz), 19 (850 MHz)
HSPA+, HSUPA (DL: max. 21 Mbit/s, UL: max. 5,7 Mbit/s)
2G/GPRS/EDGE: 850, 900, 1800, 1900 MHz; GPRS/EDGE class 12 (DL/UL: max. 237 kbit/s)
Frequency bands, data rates (LTE Standard/EMEA) 4G/LTE: 1 (2100 MHz), 3 (1800 MHz), 7 (2600 MHz), 8 (900 MHz), 20 (800 MHz)
LTE Cat 3 (DL: 100 Mbit/s, UL: 50 Mbit/s)
3G/UMTS/HSPA: 1 (2100 MHz), 3 (1800 MHz), 8 (900 MHz)
HSPA+, HSUPA (DL: max. 42 Mbit/s, UL: max. 5,7 Mbit/s)
2G/GPRS/EDGE: 900, 1800 MHz; GPRS/EDGE class 12 (DL/UL: max. 237 kbit/s)
Antenna connection 2x SMA female (Main antenna, optional external antenna MIMO)
SIM Slot for 1 Mini-SIM card (2FF), locked
Further provider redundancy using multi-roaming SIM cards
Dual APN Splitting of cellular data traffic over 2 APNs (with 2 SIM cards) , e.g. separation of user and management data
Cellular Status Signal field strength, RSSI, RSCP / Ec/No, RSRP / RSRQ, cell ID, location ID
VDSL/ADSL (MRX DSL)
DSL standards MRX DSL-A (Annex A):
- VDSL2 G.993.2 Profile 8b, 8c, 8d, 12a, 12b, 17a. 30a, VDSL2 Vectoring G.993.5
- ADSL/ADSL2/ADSL2+ G.992.1 Annex A, G.992.3. Annex A/L/M, G.992.5 Annex A und M, T1.413
MRX DSL-B (Annex B):
- VDSL2 G.993.2 Profile 8a, 8b, 8c, 8d, 12a, 12b, 17a. 30a, VDSL2 Vectoring G.993.5
- ADSL/ADSL2/ADSL2+ G.992.1 Annex B, G.992.3. Annex B, G.992.5 Annex B und J
DSL connection RJ45 connector
SFP/Fiberglass (MRX Fiber)
SFP ports 2 x SFP cages for fibre optic transceiver modules according to SFP-MSA, 1000BASE-X, 100BASE-X
Hardware interfaces
Ethernet ports 5 x RJ45 shielded, 10/100 Mbit/s, Full/half duplex, Auto MDI-X, 1.5 kV isolation voltage
Ethernet function Assignment to IP network freely configurable per port, link up/down detection, configuration port
Inputs 2 digital inputs (available in all basic variants), status can be monitored: 1x low active (connection to GND) 1x high active (connection to 10...24 V DC, as per EN 61131-2, type 1)
Displays (LEDs) Power, WAN (Internet connection), Info (configurable), Signal (for cellular communication), DSL (for DSL), SFP1 / SFP2 (SFP status and activity, for MRX Fiber)
Further interfaces Optional addition of MRXcards (modular design)
Network
Network functions 100 local IP networks, IP static/DHCP, TCP, UDP, IPv4, IPv6, NTP, DHCP, DNS, HTTP/S, ARP, SSH, 802.1Q VLAN incl. tags and trunk ports
Service DHCP Server v4/v6 per IP network, DHCP relay, NTP server, DNS, DynDNS, IPv6 Router Advertiser
Routing Static routing, routing priority, RSTP, dynamic routing (OSPF, BGP, RIPv1, RIPv2, RIPng)
WAN redundancy/failover Several WAN connections configurable also in parallel operation, fallback level for connection breakdown (failover), event-based WAN changeover (see events)
Connection check Periodic, ping/icmp, DNS request, link up/down
DSL PPPoA and PPPoE (MRX3/5 DSL und MRcard PD-A/B); external DSL modems: PPPoE
NAT/PAT SNAT/DNAT (masquerade, netmapping, port forwarding, IP forwarding) unlimited number of rules
VPN
DELTA LOGIC Connectivity Service Supports VPN service for remote maintenance, remote access and M2M-communication
OpenVPN Client/Server, several parallel tunnels, server with up to 20 clients, tls-auth/tls-crypt, dead peer detection (DPD)
OpenVPN encryption DES EDE 128, DES EDE3 192, AES 128-256 CBC/GCM, SHA 256-512
IPsec IKEv1, IKEv2 (automatic, fix), several parallel tunnels, pre-shared keys, certificates, tunnel mode, transport mode, dead peer detection (DPD)
IPsec encryption DES EDE3 192, AES 128-256 CBC/GCM, SHA 256-512 DH-Group 1-31 (Diffie-Hellman 768 - 25519), ChaCha20-Poly1305
GRE GRE via IPsec, point-to-point, multipoint
PPTP PPTP client/server; PAP/CHAP/MS CHAP/MS CHAP V2; MPPE 40-128
Dynamic VPN Dynamic multipoint VPN (GRE, IPsec, NHRP, EIGRP, OSPF, RIPv1/v2, BGP)
IT security
Authentication Pre-shared key, X.509 certificates, RADIUS, access rights (read, write, status)
Firewall/netfilter IP filters (stateful firewall) also in VPN tunnel; packet filter: TCP, UDP, ICMP, ESP, AP, GRE; MAC filter; pre-defined firewall rules can be activated
Security Booting signed firmware, HTTP/HTTPS attack prevention; response upon events: configuration change, link up/down, restart, login attempt, netfilter violation, password hashing
IoT and Cloud (icom Data Suite, license required)
Function icom Data Suite Machine connection and data processing; connection to cloud and SCADA Systems; arithmetic & logic functions; data logger; dashboard
Data acquisition CODESYS, Modbus TCP/RTU, MQTT, Siemens S7, OPC UA Client, IEC 60870-5-101, digital input, analog input (if present)
Data transmission MQTT, OPC UA Server, IEC 60870-5-104, Modbus TCP/RTU, e-mail, SMS, SFTP, digital input, analog input (if present)
IoT platforms MQTT compatibility: Thingsboard, Cumulocity, AnyViz, Azure IoT Hub, Bosch IoT Suite, AWS IoT Core
Events & Actions
Event & Action Handler Notification, alarming, diagnosis, attack detection, fault handling, operation and commissioning logic
Events/alarms (selection) Change: digital input, Ethernet port, WAN chain, profile status, supply input (with MRX), cellular field strength; timer expired, firewall violation, login attempt detection, pulse sequence on digital input, counter, netfilter rule
Event-triggered (selection) Messages via e-mail, SMS (only LTE variants), SNMP traps, MCIP; switch profile, switch connection, change modem state, start timer, switch output or pulse sequence, activate firmware, reset, restart container
Programming environment/scripting
Container environment Installation of several application containers, container with own IP end point, assignment to IP networks - full firewall and routing transparency; access control, SDK available
Container Ressources CPU: 50% of ARMv7 (720 MHz), RAM: 448 MB, Flash: 3 GB eMMC
Lua scripting Lua interpreter for own scripts
Monitoring and Management
Monitoring SNMP traps and agent, configurable system logs, remote syslog, link up/down detection, netfilter violation
Certificate management EST, CRL
Administration
Configuration Web Interface HTTP(S) with session management, command line interface (CLI), Telnet, SSH, configuration profiles as ASCII and binary file, ample configuration profiles event-triggered, REST API
Diagnosis tools ping/icmp, tcpdump, traceroute, DNS Lookup, AT commands, port mirroring
FW update Incremental, failsafe, update server (HTTP, FTP, HTTPS, FTPS)
System time NTP client and server, buffered real time clock
Help Web interface: inline help, online help; example profiles, plausibility check, Configuration Guides
Supply
Voltage 12 ... 24 V DC (± 20% 9,6-28,8 V), 2 supply connections with changeover detection, reverse-polarity protected
Terminals 5-pin push-in terminal connectors (maintenance free), rigid/flexible conductors up to 2,5 mm2
Power consumption (basic variants without further MRXcards) MRX LAN: typical approx. 2.0 W, max. 3.5 W
MRX DSL: typical approx. 6.5 W, max. 8.0 W
MRX LTE/LTE450: typical approx. 2.5 W, max. 8.0 W
MRX Fiber: typical approx. 5.5 W, max. 7.0 W (thereof typically approx. 4.5 W MRX Fiber + assumption approx. 0.5 W typically per SFP module)
Ambient conditions
Dimensions (WxHxD) MRX3: 82 x 117 x 88 mm
MRX5: 136 x 117 x 88 mm
Weight MRX3 LAN: 305 g
MRX3 LTE/LTE450/Fiber: 320 g
MRX3 DSL: 330 g
MRX5 LAN: 395 g
MRX5 LTE/LTE450/Fiber: 410 g
MRX5 DSL: 420 g
Mounting DIN rail mounting, Horizontal pitch (HP) on DIN rail: 5 HP (MRX3), 8 HP (MRX5)td>
Operating temperature -30...+75 °C (MRX LAN, MRX LTE, MRX LTE450)
-25...+60 °C (MRX DSL)
-25...+55 °C (MRX DSL in combination with MRXcard PD/PL/PL450/PLS/Fiber)
-30...+65 °C (MRX Fiber)
-30...+55 °C (MRX Fiber in combination with MRcard PD/PL/PL450/PLS/Fiber)
Humidity 0...95% (non-condensing)
Protection class Housing: IP40
Approvals & Standards
Certifications All variants: CE, UKCA
Additionally for MRX LAN 1.x, MRX Fiber 1.x and MRX LTE: FCC part 15 class B, IC
EMV Emission: EN 55032 Class B, EN 61000-6-3; immunity: EN 55035 (replaces EN 55024), EN 61000-6-2
Safety IEC/EN 62368-1
Environmental conditions Vibration/shock as per PLC standard EN 61131-2 and EN 60068-2-6, EN 60068-2-27;
Temperature tests as per EN 60068-2-1, EN 60068-2-2, EN 60068-2-14, EN 60068-2-30
Operation time MTBF > 880,000 h (25 °C), according to SN 29500 standard (according to IEC 61709)
Data sheet MRX
Data_sheet_MRX.pdf 2.22 MB December 19, 2024
Manual MRX
Manual_MRX.pdf 2.91 MB December 19, 2024
Quick Installation Guide Router English
QIG_Router_en.pdf 1.46 MB December 12, 2023
DELTA LOGIC Connectivity Service First Steps
DLCS_First_Steps.pdf 122 KB January 08, 2024

I cannot connect to my Siemens HMI panel (KTP1500 Comfort, KTP600 Basic,... ) via VPN in the TIA Portal. Why?

1. With HMI panels only "Advanced online loading" can be used in the TIA Portal, "Advanced online connect" is basically not possible.
2. "PG/PC interface" TAP-Windows Adapter..." must be selected as interface.
3. With some HMI panels (KTP600 Basic) the "PN/IE interface" cannot be used, in these cases the "Ethernet interface" has to be used.
4. For some HMI panels (e.g. TP700 Comfort), the "Display all compatible stations" option must not be active.