Apply Firewall Rules to IPSec VPN profiles


What is the best way to limit access to specific hosts on an IPSec VPN profile?

For example, say that I have an IPSec VPN between a Peplink and a non-Peplink firewall (Cisco ASA for example, since I have quite a few of these). Details would be:

Source LAN: (Hardware is PEPLINK)
Dest LAN: (Hardware is non-PEPLINK)
VPN Setup: Set up to allow all source access to all destination (typical VPN setup)

Could I then add firewall rules on the Peplink device such that source can only access ip host, even though the entire LAN subnet is configured in the VPN profile?

Let me know if this would be the best way to configure this kind of limitation? Or would I be better off setting the SOURCE ip in the VPN profile (on the Peplink Device) as

Finally, does this go in INTERNAL NETWORK FIREWALL rule or INBOUND FIREWALL rule?

-Joe Keegan

Hi Joe,

Yes, you can create such an access control rule to control the traffic from network.

The access rule needs to be created at INTERNAL NETWORK FIREWALL.


Yaw Theng