We have multiple vlans that can talk to each other. One of them is 10.1.1.xxx (24bit mask).
Outside contractor (not IT related) created their own 192.168.33.xxx (24 bit mask) network for our production equipment and now they would like to access it from the internet.
We have VPN (watchguard firewall) available for users and can give VPN access for the contractor.
What would be the best way to set this up (see diagram) so User 1 can access192.168.33.xxx. network. Their private 192.168.33.xx needs to be routed through 10.1.1.xxx network. As long as they can ping their devices from the internet we are good to go.
and second question is
is it possible for 10.1.1.xxx, 10.10.10.xxx and 10.30.30.xxx (all can see each other) networks to have access to 192.168.33.xxx (e.g. user4 have access to 192.168.33.xxx)?