Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 166
  • Last Modified:

Restricitng access to a IP range

Hi,

We have some PLC's at a remote site that use a 10.0.0.0 subnet. These are normally accessed via VPN by directly VPNing into the site. I would like to change this procedure, so the tech's that access these PLC's need to VPN into our main site and then be routed to the remote site.

So I don't have to get our ISP to doing any route changes for us I would like to change the PLC's ips to be included in the normal site subnet of 192.168.8.0/24. To do this I need to restrict access to the IPs we allocate to the PLC's.

So for example I would have a range of 192.168.8.200-210 for the PLC's and the only people that should be able to access this range would be a security group - PLC tech. Can I use either DNS or group policy to allow this to happen?

Thanks
0
Balco
Asked:
Balco
  • 4
  • 3
1 Solution
 
jensenjlCommented:
Can you configure a site to site vpn between the firewalls at each location?  

I have many multi-site networks that use different IP scopes.  Each remote site is connected via site to site vpn and each site is able to access other sites as if it were local.
0
 
BalcoAuthor Commented:
We have a private IP Network through our ISP which ensures we can access each site as if it was locally just on a different subnet. Our main site is on subnet 192.168.1.0 and the remote site main subnet is 192.168.8.0. I can access the 8 subnet as this is fully routed through our site routers and the private IP network.

The 10.0.0.0 subnet has not been routed at this stage and is only accessible by VPNing to that site or logging into the DNS server onsite as the DNS server.

If I can put the PLC's onto the 192.168.8.0 subnet and secure the IP range it will mean I dont have to get our ISP involved with router changes and the Techs can just VPN into our main site and see the PLC's
0
 
jensenjlCommented:
Could you put those devices in a DMZ and restrict DMZ access to the VPN users?
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
jensenjlCommented:
Or is it possible to use a VLAN and have the VPN users as part of the same VLAN?
0
 
BalcoAuthor Commented:
It is possible to have another VLAN, but once agian that will involve our ISP provider making changes, which it it looking like what we might have to do.

The only other way is to pur some security on the switch that sits in fron of the PLC's.
0
 
BalcoAuthor Commented:
We have decided to shift the PLC's into the 192.168.8.0 subnet since you need special software to edit these and beleive it is a minor risk that someone will be able to do this who is not authorised
0
 
BalcoAuthor Commented:
This is not a total soltuion with security
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now