Network/Routing design questions

ronin2307
Level 1

Hi,

I have the following situation and I am not quite sure how to go about it:

On a customer site we need to establish an internal network for our equipment (PLCs), which is to be separated from their local office/plant network. We are currently thinking about putting an ASA5505 to separate the internal network from ours and only allow traffic from their firewall to the outside IP of the 5505. The idea is to use VPN to connect to their internal network first and then use the outside IP of the 5505 (which would be an internal IP on their network) to access our network (within theirs).

So far so good, however there is an issue: we need to address the PLCs by their IPs, which will be on a different subnet from theirs.

So the bottom line is this:

1. Their firewall

2. Their internal subnet (192.168.1.0/24)

3. Our ASA5505 on their internal network (outside IP 192.168.1.100, inside IP 10.0.0.1 for example)

4. We need to access our PLCs on the 10.0.0.0 subnet by their IPs

What would be a good way of doing this? Any thoughts or ideas will be appreciated.

Many thanks

15 Replies

It's EtherNet/IP, apparently industrial Ethernet. I tried to google Cisco with ENIP and came up empty handed. We are trying to see if Allen Bradley (their PLC) has suggestions. Worst case, we put a PC on the inside with the appropriate software and remote desktop to it.

I do have a question regarding the ASA config:

I have managed to set the ACL and NAT properly for the 192.168.1.0 network (this is where the outside interface of the ASA resides). However, when I VPN to my network, I am assigned an IP in the 192.168.10.0 subnet (that is what the firewall is configured to give VPN clients).

So 192.168.10.0 can talk to hosts on 192.168.1.0. No problems there. However, when I tried to access an FTP server I set up on the 10.0.0.0 subnet (inside interface of the ASA, with proper NATing for a 192.168.1.13 IP to 10.0.0.10) the ASA dropped the packets (something about cannot find the egress interface for inside.....)

I am obviously missing something but I am not sure what I need to add to the config. Any help again will be extremely appreciated

Thanx
