You can’t do this on Layer 2. You would need to use Layer 3 to control traffic with the internal firewall rules.
You could use Layer 3 with both sites having the same subnet, then enable virtual network mapping so that each site thinks the other is available on a different subnet. Then on one site you would access the IP on the other site with the virtual IP instead. Then on each site you could use the firewall to block traffic to and from the remote site's virtually mapped network.
We did that now. One end was NATed to 172.30.0.0/24 and the other end was NATed to 172.31.0.0/24.
L2VPN removed. Only PepVPN is configured.
The tunnel is “ESTABLISHED”, but we cannot ping each other.
One more thing: we can't set the end-user PCs' gateway to the Peplink LAN IP. Each PC has another firewall/router as its gateway. This is the same on both sides.
Please see attached screenshots of one Peplink appliance.
And help us further.
Ah, in which case the LAN devices will not know to send traffic for the remote site via the Peplink. You will need to add a static route to the gateway at each site for the remote virtually mapped network, with the next hop set to the Peplink LAN IP.
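To make the mapping and routing discussed above concrete, here is an added Python model (not Peplink's code and not from this thread). It assumes the overlapping LAN at both sites is 192.168.1.0/24, a Peplink LAN IP of 192.168.1.2 and an upstream gateway of 203.0.113.1, all constructed for illustration; the mapped networks 172.30.0.0/24 and 172.31.0.0/24 are the ones from the thread.

```python
import ipaddress

# Constructed values: the thread does not state the real overlapping LAN,
# so 192.168.1.0/24 is assumed here for both sites.
LOCAL_LAN = ipaddress.ip_network("192.168.1.0/24")
SITE_A_MAPPED = ipaddress.ip_network("172.30.0.0/24")  # from the thread
SITE_B_MAPPED = ipaddress.ip_network("172.31.0.0/24")  # from the thread
PEPLINK_A_LAN = "192.168.1.2"   # assumed Peplink LAN IP at site A
ISP_GW = "203.0.113.1"          # assumed upstream next hop of site A's firewall

def map_address(addr, real_net, mapped_net):
    """1:1 virtual network mapping: keep the host bits, swap the network bits."""
    addr = ipaddress.ip_address(addr)
    if addr not in real_net or real_net.prefixlen != mapped_net.prefixlen:
        raise ValueError("address outside the real network or prefix mismatch")
    host_bits = int(addr) - int(real_net.network_address)
    return ipaddress.ip_address(int(mapped_net.network_address) + host_bits)

def next_hop(route_table, dst):
    """Longest-prefix match over (network, next_hop) entries; None if no route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw in route_table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None

# Site A's existing firewall/router, which is the PCs' default gateway:
# before and after the static route for site B's mapped network is added.
ROUTES_BEFORE = [(ipaddress.ip_network("0.0.0.0/0"), ISP_GW),
                 (LOCAL_LAN, "directly connected")]
ROUTES_AFTER = ROUTES_BEFORE + [(SITE_B_MAPPED, PEPLINK_A_LAN)]

def reach_remote_host(remote_real_ip, route_table):
    """Address a site B host by its mapped IP; report where site A's gateway sends it."""
    target = map_address(remote_real_ip, LOCAL_LAN, SITE_B_MAPPED)
    return str(target), next_hop(route_table, target)

if __name__ == "__main__":
    # Without the static route the packet follows the default route to the ISP,
    # never reaching the Peplink; with it, the Peplink becomes the next hop.
    print(reach_remote_host("192.168.1.50", ROUTES_BEFORE))
    print(reach_remote_host("192.168.1.50", ROUTES_AFTER))
```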
VNM at both Peplink routers worked for us. And now with PepVPN+VNM we could work it out. Ping works.
Yes, we will do the routing today on their firewall and let you know.