What is the best way to limit access to specific hosts on an IPSec VPN profile?
For example, say that I have an IPSec VPN between a Peplink and a non-Peplink firewall (Cisco ASA for example, since I have quite a few of these). Details would be:
Source LAN: 10.0.1.0/24 (Hardware is PEPLINK)
Dest LAN: 10.0.2.0/24 (Hardware is non-PEPLINK)
VPN Setup: Set up to allow all source 10.0.1.0/24 access to all destination 10.0.2.0/24 (typical VPN setup)
Could I then add firewall rules on the Peplink device such that source 10.0.2.0/24 can only access IP host 10.0.1.100/32, even though the entire LAN subnet is configured in the VPN profile?
Let me know if this would be the best way to configure this kind of limitation. Or would I be better off setting the SOURCE IP in the VPN profile (on the Peplink device) as 10.0.1.100/32?
Finally, does this go in INTERNAL NETWORK FIREWALL rule or INBOUND FIREWALL rule?