I have the following situation and I am not quite sure how to go about it:
On a customer site we need to establish an internal network for our equipment (PLCs), which is to be separated from their local office/plant network. We are currently thinking about putting an ASA5505 between the two networks and only allowing traffic from their firewall to the outside IP of the 5505. The idea is to use VPN to connect to their internal network first and then use the outside IP of the 5505 (which would be an internal IP on their network) to access our network (within theirs).
So far so good, however there is an issue: we need to address the PLC by their IPs, which will be on a different subnet from theirs.
So the bottom line is this:
1. Their firewall
2. Their internal subnet (192.168.1.0/24)
3. Our ASA5505 on their internal network (outside IP 192.168.1.100, inside IP 10.0.0.1 for example)
4. We need to access our PLCs on the 10.0.0.0 subnet by their IPs
What would be a good way of doing this? Any thoughts or ideas will be appreciated.
Exactly. You need to use 1-1 IP mappings so for each PLC you will need a 192.168.1.x address from the customer that is not in use in their network.
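The 1:1 mapping described in the answer above, written out as an added configuration example in ASA 8.3+ syntax (not from the thread or from either poster). The PLC addresses 10.0.0.10/.11, the mapped addresses 192.168.1.110/.111, the customer gateway 192.168.1.1, the customer VPN pool 192.168.50.0/24 and the service port TCP/502 are all assumptions.

```cisco
! Added example, not from the thread. ASA 5505, 8.3+ NAT syntax.
! Assumed: customer gateway 192.168.1.1, customer VPN pool 192.168.50.0/24,
! PLC real IPs 10.0.0.10/.11, mapped IPs 192.168.1.110/.111 (must be unused
! on the customer LAN, since the ASA proxy-ARPs for them), service TCP/502.
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 192.168.1.100 255.255.255.0
!
! Replies to VPN users must go back through the customer's gateway
route outside 0.0.0.0 0.0.0.0 192.168.1.1
!
! One network object per PLC: the real inside address plus its static 1:1 mapping
object network PLC1
 host 10.0.0.10
 nat (inside,outside) static 192.168.1.110
object network PLC2
 host 10.0.0.11
 nat (inside,outside) static 192.168.1.111
!
object-group network PLCS
 network-object object PLC1
 network-object object PLC2
!
! Inbound policy: only the customer's VPN pool, only the PLC service port.
! On 8.3+ the ACL references the real (10.0.0.x) addresses, not the mapped ones.
access-list OUTSIDE_IN extended permit tcp 192.168.50.0 255.255.255.0 object-group PLCS eq 502
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
```

After applying this, `show nat` and `show xlate` confirm the static translations, and the explicit logged deny at the end of the ACL makes any other inbound attempt visible in the syslog.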