That is how our current plant-wide network is set up.
192.168.1.x is our "business" network.
192.168.2.x is another business network.
192.168.3.x is our process network.
YUCK, why they have everything on a 192 network on the business side blows my mind. Business networks I've always seen are 10.x.y.z or 172.x.y.z.
The fun part will be the sales pitch to corporate IT (not just our plant) on getting more hardware
Given the setup you have, good luck. In reality, a good IT group should be able to come up with a good solution w/o blinking an eye.
Some of our equipment shipped with its own OEM-supplied machine network.
What options do we have to allow comms from an external connection (on our 192.168.3.x network) to the internal network on the machine without readdressing the OEM network?
You want a Network Address Translation device; JohnCalderwood provided an example. Here is another
You need managed switches, VLANs, and a layer 3 managed switch to handle routing between the different VLANs.
192.168.1.x --> VLAN1
192.168.2.x --> VLAN2
192.168.3.x --> VLAN3
192.168.4.x --> VLAN4
In a properly configured network with VLANs, the layer 3 switch can be configured to route VLAN3 and VLAN4 traffic, giving you access to those networks but restricted access to the others. I hope there is a firewall at your SCADA/SQL server.
All of this costs $$$ and you need people competent to set it all up.
You say 192.168.3.x is isolated, but it is part of a plant wide network. So define isolated...
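The inter-VLAN restriction described in the reply above, as an added example that is not part of the original thread: a first-match, default-deny rule table of the kind a layer 3 switch ACL expresses, evaluated over the thread's four subnets. The /24 masks, the rule set and the sample flows are assumptions constructed for illustration.

```python
import ipaddress

# Address plan from the thread; the /24 masks are an assumption.
VLANS = {f"VLAN{n}": ipaddress.ip_network(f"192.168.{n}.0/24") for n in (1, 2, 3, 4)}

# Constructed policy, first match wins: (source VLAN, destination VLAN, action).
# Only VLAN3 <-> VLAN4 is routed; anything else hits the implicit deny.
RULES = [
    ("VLAN3", "VLAN4", "permit"),
    ("VLAN4", "VLAN3", "permit"),
]

def vlan_of(addr):
    """Return the VLAN name whose subnet contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, net in VLANS.items():
        if ip in net:
            return name
    return None

def decide(src, dst):
    """Return 'switched', 'permit' or 'deny' for a src -> dst flow."""
    s, d = vlan_of(src), vlan_of(dst)
    if s is None or d is None:
        return "deny"        # address outside the plan: never routed
    if s == d:
        return "switched"    # same VLAN: layer 2 only, the routed ACL is not consulted
    for rule_src, rule_dst, action in RULES:
        if (rule_src, rule_dst) == (s, d):
            return action
    return "deny"            # implicit deny at the end of the table

def audit(flows):
    """Return the flows that cross a VLAN boundary and are permitted."""
    return [(s, d) for s, d in flows if decide(s, d) == "permit"]

# Constructed sample flows.
SAMPLE_FLOWS = [
    ("192.168.3.10", "192.168.4.20"),  # process -> VLAN4
    ("192.168.1.50", "192.168.3.10"),  # business -> process
    ("192.168.3.10", "192.168.3.11"),  # inside the process VLAN
    ("10.0.0.5", "192.168.3.10"),      # source outside the plan
]

if __name__ == "__main__":
    for s, d in SAMPLE_FLOWS:
        print(f"{s} -> {d}: {decide(s, d)}")
```

The "switched" result is the case to watch: traffic between hosts in the same VLAN never reaches the routed ACL, so restricting it needs a control on the hosts or the switch ports.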