Solved

Restricting access to an IP range

Posted on 2013-06-18
Last Modified: 2013-06-24
Hi,

We have some PLCs at a remote site that use a 10.0.0.0 subnet. These are normally accessed via VPN by directly VPNing into the site. I would like to change this procedure, so the techs that access these PLCs need to VPN into our main site and then be routed to the remote site.

So that I don't have to get our ISP to do any route changes for us, I would like to change the PLCs' IPs to be included in the normal site subnet of 192.168.8.0/24. To do this I need to restrict access to the IPs we allocate to the PLCs.

So for example I would have a range of 192.168.8.200-210 for the PLCs, and the only people that should be able to access this range would be a security group - PLC tech. Can I use either DNS or group policy to allow this to happen?

Thanks
Question by:Balco
7 Comments
 

Expert Comment

by:jensenjl
ID: 39258374
Can you configure a site to site vpn between the firewalls at each location?  

I have many multi-site networks that use different IP scopes.  Each remote site is connected via site to site vpn and each site is able to access other sites as if it were local.
 

Author Comment

by:Balco
ID: 39258390
We have a private IP network through our ISP which ensures we can access each site as if it were local, just on a different subnet. Our main site is on subnet 192.168.1.0 and the remote site main subnet is 192.168.8.0. I can access the 8 subnet as this is fully routed through our site routers and the private IP network.

The 10.0.0.0 subnet has not been routed at this stage and is only accessible by VPNing to that site or logging into the DNS server onsite as the DNS server.

If I can put the PLCs onto the 192.168.8.0 subnet and secure the IP range, it will mean I don't have to get our ISP involved with router changes and the techs can just VPN into our main site and see the PLCs.
 

Expert Comment

by:jensenjl
ID: 39258407
Could you put those devices in a DMZ and restrict DMZ access to the VPN users?

 

Expert Comment

by:jensenjl
ID: 39258410
Or is it possible to use a VLAN and have the VPN users as part of the same VLAN?
 

Author Comment

by:Balco
ID: 39258521
It is possible to have another VLAN, but once again that will involve our ISP provider making changes, which it is looking like what we might have to do.

The only other way is to put some security on the switch that sits in front of the PLCs.
 

Accepted Solution

by:Balco
ID: 39261655
We have decided to shift the PLCs into the 192.168.8.0 subnet, since you need special software to edit these, and believe it is a minor risk that someone who is not authorised will be able to do this.
 

Author Closing Comment

by:Balco
ID: 39270721
This is not a total solution with security.
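Added example, not part of the original thread: a Python model of the source-address filter discussed above for the 192.168.8.200-210 PLC range, showing the CIDR prefixes the range breaks into and how a first-match rule list treats sample flows. The VPN pool `192.168.1.240/28` for the "PLC tech" group and all function names are assumptions made for illustration.

```python
import ipaddress

# Range proposed in the question for the PLCs.
PLC_FIRST = ipaddress.IPv4Address("192.168.8.200")
PLC_LAST = ipaddress.IPv4Address("192.168.8.210")

# Assumption: address pool the main-site VPN hands to members of the
# "PLC tech" group. Hypothetical value, not taken from the thread.
PLC_TECH_POOL = ipaddress.ip_network("192.168.1.240/28")
ANY = ipaddress.ip_network("0.0.0.0/0")


def plc_prefixes():
    """Smallest set of CIDR prefixes covering exactly the PLC range."""
    return list(ipaddress.summarize_address_range(PLC_FIRST, PLC_LAST))


def build_acl():
    """Ordered rules (action, source, destination); first match wins."""
    rules = [("permit", PLC_TECH_POOL, dst) for dst in plc_prefixes()]
    rules += [("deny", ANY, dst) for dst in plc_prefixes()]
    # Traffic to the rest of 192.168.8.0/24 is left alone.
    rules.append(("permit", ANY, ANY))
    return rules


def evaluate(rules, src, dst):
    """Return the action of the first rule matching src -> dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"  # implicit deny when nothing matches


if __name__ == "__main__":
    acl = build_acl()
    for action, src_net, dst_net in acl:
        print(f"{action:6} {src_net} -> {dst_net}")
    # Constructed sample flows (source, destination).
    for src, dst in [("192.168.1.245", "192.168.8.205"),
                     ("192.168.1.50", "192.168.8.205"),
                     ("192.168.8.20", "192.168.8.210"),
                     ("192.168.1.50", "192.168.8.20")]:
        print(f"{src} -> {dst}: {evaluate(acl, src, dst)}")
```

Hosts already on 192.168.8.0/24 reach the PLCs without crossing a router, so the third sample flow is only denied if the rules are enforced on the switch in front of the PLCs.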
