I'm looking for a solution to handle remote access at our company. We
support systems that we have at customers. These systems would be, for
example, baggage handling systems, with PLCs, HLCs, servers etc.
In short, a wide variety of clients. Because the machines are in the
customer's network we need access to the machines remotely. We used to
do this by placing a VPN server device at the customer's side and
connecting to that so we could access our part of the network behind
it. However, many customers do not want a device in their network with
incoming connections that they don't control.

So we are looking for a solution where there are no incoming
connections at the customer, but rather the opposite: a client at the
customer LAN connecting towards a VPN server at our LAN. Outgoing
connections are usually less of a problem.

Something like below:

The idea is that our LAN and the customer LAN are somehow connected
(with VPN?), ensuring that Client 1 can directly access client 2 and
support it remotely, or client 1 to 3, same idea.

One problem is that client 2 or 3 could be a PLC, which means you
can't directly access it. You need to be able to connect towards it
with special software available on client 1, hence the direct access
is important.

Could you place some sort of device in the place of the "?????" on the
drawing that connects towards the VPN device and then routes the
incoming traffic client 1 sends over the VPN tunnel towards the
clients behind it (client 2, 3 etc)?

I'm really drawing a blank on how to solve this.