Block certain IP addresses from accessing PepVPN / SpeedFusion End Points

Hello!

I have PepVPN / SpeedFusion End Points set up between multiple offices.

Our main corporate office is on a Balance 305 and main network here is 192.168.127.x

I have a remote office (connected via PepVPN) which is 192.168.30.x. All sub/remote offices are Balance 20’s.

I have 4 users (by IP) I would like to give access to the 192.168.127.x network, but want to restrict the rest. Currently the entire 192.168.90.x subnet can access all of 192.168.127.x.

I have added the 4 allowed devices as static DHCP reservations, 192.168.90.106,.113,.123,.124.

I would also like to limit the 192.168.90.x subnet from accessing my other networks. My networks are as follows.

10.0.25.0/24, 10.0.32.0/24, 10.0.64.0/24, 10.0.128.0/24, 10.1.10.0/24, 192.168.10.0/24, 192.168.30.0/24, 192.168.40.0/24, 192.168.123.0/24, 192.168.127.0/24

I’ve attempted adding block rules at 192.168.90.1 to block all traffic coming from the 192.168.90.x network to anything at 192.168.127.x, and then set up ALLOW rules for the 4 specific IP addresses (listed above), but it seems it never limits the traffic coming from anything on the 192.168.90.x subnet.

Ideas or best practices on limiting traffic across the PepVPN?

This post seems to describe my exact situation. I suppose I will open a helpdesk ticket.

Hi,

Can you share which firmware you are using on B305 and B20?

Can I have a screenshot of the Inbound and Outbound Firewall rules on the B305 and B20?

Well, upgrading to 6.2.0 across all my PEP’s made all correct and work properly. 6.1.2 does have a bug that prevents blocking this traffic… All is good now at 6.2.0. Thanks Everyone!
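
An added example, not part of the original thread and not Peplink code: an offline model of the policy asked for above, useful for checking a planned rule list before entering it on a device. It assumes rules are evaluated top-down with the first match winning and a default of allow, and that the four reserved hosts should reach only 192.168.127.0/24; the function names are hypothetical.

```python
import ipaddress

# Networks listed in the original post; the rule model itself is an assumption.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.25.0/24", "10.0.32.0/24", "10.0.64.0/24", "10.0.128.0/24",
    "10.1.10.0/24", "192.168.10.0/24", "192.168.30.0/24", "192.168.40.0/24",
    "192.168.123.0/24", "192.168.127.0/24")]
REMOTE = ipaddress.ip_network("192.168.90.0/24")
CORP = ipaddress.ip_network("192.168.127.0/24")
ALLOWED_HOSTS = ["192.168.90.106", "192.168.90.113",
                 "192.168.90.123", "192.168.90.124"]

def build_rules():
    """Allow rules for the four hosts first, then deny rules for the subnet."""
    rules = [("allow", ipaddress.ip_network(h + "/32"), CORP)
             for h in ALLOWED_HOSTS]
    rules += [("deny", REMOTE, net) for net in PROTECTED]
    return rules

def evaluate(rules, src, dst, default="allow"):
    """Return the action of the first rule matching src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return default

def shadowed_allows(rules):
    """List allow rules that can never match because an earlier deny covers them."""
    hits = []
    for i, (action, src_net, dst_net) in enumerate(rules):
        if action != "allow":
            continue
        for prev_action, p_src, p_dst in rules[:i]:
            if (prev_action == "deny" and src_net.subnet_of(p_src)
                    and dst_net.subnet_of(p_dst)):
                hits.append((str(src_net), str(dst_net)))
                break
    return hits

if __name__ == "__main__":
    good = build_rules()
    bad = sorted(good, key=lambda r: r[0] != "deny")  # deny rules moved to the top
    for name, rules in (("allow-first", good), ("deny-first", bad)):
        print(name, evaluate(rules, "192.168.90.106", "192.168.127.10"),
              evaluate(rules, "192.168.90.50", "192.168.127.10"),
              len(shadowed_allows(rules)))
```

If the device evaluates rules in a different order or has a different default action, adjust `evaluate` to match before relying on the result.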