Tuesday, March 12, 2019

[Design] Way to route layer 2 traffic to an IP outside of broadcast domain?

Firstly, I get that the title is odd; that's why I'm asking. I have a design issue which I am trying to figure out, but I'm not sure if I am really barking up the wrong (or nonexistent) tree.

Basically, I have a PLC device (172.16.1.10) which sends packets to a particular IP address and port (172.16.1.2:5656), and I am unable to change the IP address of this device or the IP address to which it sends its packets. We have a server (172.16.1.2) listening for these packets which is currently on the same subnet, so everything is working well (for the moment).

We will be deploying this solution to multiple sites and linking back to our network via VPN, so obviously having duplicate IP addresses at each site is a problem. On top of that, the manufacturer of this part of the unit wants remote access to their devices on the network, so I want to separate our server and the rest of our gear into a different subnet (10.0.0.0/24) and only allow the previously mentioned packets to traverse from 172.16.1.0 to 10.0.0.0.

I have been testing with the following kit: Cisco SF300-24PP and Sophos XG 85. So far I have set up the VLANs on the switch and firewall and have created a NAT rule in the firewall to route the packets between the two IP addresses (172.16.1.2 -> 10.0.0.2). However, when attempting to send packets from 172.16.1.10, all I am seeing is ARP requests hitting the firewall which obviously aren't being answered.

I feel like what I am attempting to accomplish here isn't entirely possible?

Edit: here is a quick diagram
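
A small diagnostic for the symptom described in the post (ARP requests reaching the firewall and going unanswered), added here as an example and not part of the original post. It parses raw Ethernet/ARP frames and lists the IP addresses that were asked for but never answered; the frames, the MAC addresses and the firewall interface address 172.16.1.1 are constructed assumptions, not values from the post.

```python
import struct
import ipaddress

ETH_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def arp_frame(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet II frame carrying an ARP packet (constructed test data)."""
    eth_dst = mac("ff:ff:ff:ff:ff:ff") if op == ARP_REQUEST else mac(target_mac)
    eth = eth_dst + mac(sender_mac) + struct.pack("!H", ETH_ARP)
    # htype=Ethernet, ptype=IPv4, hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac(sender_mac) + ipaddress.IPv4Address(sender_ip).packed
    arp += mac(target_mac) + ipaddress.IPv4Address(target_ip).packed
    return eth + arp


def parse_arp(frame):
    """Return (opcode, sender_ip, target_ip) for an ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    op = struct.unpack("!H", frame[20:22])[0]
    sender_ip = str(ipaddress.IPv4Address(frame[28:32]))
    target_ip = str(ipaddress.IPv4Address(frame[38:42]))
    return op, sender_ip, target_ip


def unanswered_arp_targets(frames):
    """IPs that were asked for (who-has) but never claimed by any reply (is-at)."""
    asked, answered = set(), set()
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, sender_ip, target_ip = parsed
        if op == ARP_REQUEST:
            asked.add(target_ip)
        elif op == ARP_REPLY:
            answered.add(sender_ip)  # a reply's sender is the owner of that IP
    return asked - answered


PLC_MAC, FW_MAC, ZERO = "00:11:22:33:44:55", "66:77:88:99:aa:bb", "00:00:00:00:00:00"
SAMPLE_FRAMES = [  # constructed: PLC asks for the server IP twice and the firewall IP once
    arp_frame(ARP_REQUEST, PLC_MAC, "172.16.1.10", ZERO, "172.16.1.2"),
    arp_frame(ARP_REQUEST, PLC_MAC, "172.16.1.10", ZERO, "172.16.1.1"),
    arp_frame(ARP_REPLY, FW_MAC, "172.16.1.1", PLC_MAC, "172.16.1.10"),
    arp_frame(ARP_REQUEST, PLC_MAC, "172.16.1.10", ZERO, "172.16.1.2"),
]

if __name__ == "__main__":
    print(unanswered_arp_targets(SAMPLE_FRAMES))  # {'172.16.1.2'}
```

The check is worth running on a capture from the PLC's VLAN because a NAT rule by itself does not make the firewall answer ARP for 172.16.1.2; some host on the 172.16.1.0/24 segment has to own that address (or proxy-ARP for it) before the PLC's frames can leave it.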


