How to integrate a separate sub-network within a customer's existing LAN?

Question

I work for a machine builder, and our system has it's own ethernet network (192.168.1.x) with a switch and a dozen devices, most of which have firmly established static IP addresses. For our next job we will be integrating our machine/system into our customer's larger LAN network. Our system needs internet access, but for security reasons, should not be able to access anything in the customer's existing network. Assuming that the customer's LAN addresses are 192.168.55.xx, we would still need to preserver our own internal addressing. What is the easiest way to achieve this? Does our system require a router to interface with the customer's existing network? Or can it be done via their router via subnetting?

Extra info: we need to be able to access our system remotely via VPN (Hamachi), remote desktop, and port-forwarding for remote viewing of two of our own IP cameras.

Thanks

Answer 1

as the two networks, existing company network 192.168.55.0/24, and your hardcoded network 192.168.1.0/24, are mutually exclusive, and neither should access each other, this would be a good place to leverage a firewall with three interfaces. one public IP, one 192.168.55.1/24, and one 192.168.1.1/24.

you then set up nat and fw rules. there are many firewalls to choose from. my favorites are linux iptables and freebsd pfsense.... if you have lots of cash check out the cisco pix/asa's

once this is set up, portforwarding and vpn can be configured for either or both internal LANs. pfsense gives you a ton of vpn options, and configuring openvpn for remote clients is easy.