Nah, you've got the gist of it.
PLC1(Lan1) would have its gateway address set to the private side IP of the NAT device(NAT1) it is connected too. It would setup produced consumed tags with PLC2(Lan2) using the Public IP of PLC2 according to NAT2).
Vice versa for PLC2.
You would need 2 NAT capable 'things' and a way to connect the 2 NAT things. The public side IPs of the NAT devices should be on a subnet that can talk to either public side range.
Dravik & drbitboy, please accept my gratitude for sticking with me as I try to understand this. I guess the part that I'm hung up on (and if you can try to explain this to me I'd really appreciate it), is I get that you can translate one of the PLCs to have a unique address such as 192.168.1.2 --> 10.10.10.2 as was shown in that Rockwell slide. What I'm having trouble with is how does that help the other side of the equation?
In other words, if I had a controller at 192.168.1.1 and an I/O node at 10.10.10.2, my understanding is they would not be able to communicate since they are on different subnets. What am I missing here?
Again, forgive my stupidity. I feel like this is super simple but I'm just not getting it.