I have a SCADA network that I have firewalled and segmented off from the business network with a Meraki MX84. The business network is a large routed MAN over fiber. All private IP addressing. I now need to have a computer across the MAN access the SCADA network. Could I turn on VPN client on the MX84 and have the computer do a VPN over the inside MAN private IPs to the MX84 in order to create a secure tunnel?
Next step up if you are super anal. Leave the jump host powered down by default so there is no remote access to SCADA at all. Also configure the jump host to shut down automatically after 60 minutes.
Have an approval process to get access to SCADA network. If the request for access is approved (say for 7am), you power on the jump host at that time. Remote user gets 60 minutes to complete what is required on their access request, and then access is automatically removed when the jump host shuts down.
Bonus points for enabling auditing on the jump host to make sure all logins are recorded, along with the IP address they are connecting from.
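An added example, not part of the post above: a Python check that reconciles the jump host's login audit records against approved access requests and the 60-minute window described in the reply. The record layout, user names, addresses and the idea of storing a permitted source network with each approval are constructed assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

WINDOW = timedelta(minutes=60)  # jump host lifetime per approved request (from the post)

# Constructed approvals: (user, approved power-on time, permitted source network).
# The source network field is an assumption; the post only says to record the IP.
APPROVALS = [
    ("alice", datetime(2024, 5, 6, 7, 0), ip_network("10.20.30.0/24")),
]

# Constructed audit records exported from the jump host: (timestamp, user, source IP).
LOGINS = [
    ("2024-05-06T07:05:12", "alice", "10.20.30.15"),  # inside the approved hour
    ("2024-05-06T08:10:00", "alice", "10.20.30.15"),  # host should already be off
    ("2024-05-06T07:20:00", "alice", "10.99.1.4"),    # source not on the request
    ("2024-05-06T07:30:00", "bob", "10.20.30.16"),    # nobody approved this user
]


def review_logins(logins, approvals, window=WINDOW):
    """Return (timestamp, user, source, reason) for every login needing follow-up."""
    findings = []
    for ts, user, src in logins:
        when = datetime.fromisoformat(ts)
        addr = ip_address(src)
        mine = [a for a in approvals if a[0] == user]
        if not mine:
            findings.append((ts, user, src, "no approved request"))
            continue
        # An approval covers the login only while the jump host is meant to be up.
        active = [a for a in mine if a[1] <= when < a[1] + window]
        if not active:
            # Also means the automatic shutdown did not happen on schedule.
            findings.append((ts, user, src, "outside approved window"))
        elif not any(addr in a[2] for a in active):
            findings.append((ts, user, src, "unexpected source IP"))
    return findings


if __name__ == "__main__":
    for finding in review_logins(LOGINS, APPROVALS):
        print(*finding, sep=" | ")
```
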