PepVPN - Disable peers from talking to each other


#1

Good day,

I have a 380 at location HQ
I have 310s at Branch A and Branch B

PepVPN connection from Branch A to HQ
PepVPN connection from Branch B to HQ

I notice now that Branch A and Branch B are able to talk to each other.

I don’t want this to happen, what is the best way to prevent?

Thank you,
Jason


#2

Hello,

You can set up an inbound firewall rule on the 310s to deny the LAN networks of either end.


#3

Thank you for your reply

If I set up an Outbound firewall rule at Branch A, I can block traffic to Branch B.
If I set up an Inbound firewall rule at Branch B, I cannot seem to block traffic from Branch A.

I would rather have B prevent A from getting in.

My Inbound rule at Branch B is set as follows:
Protocol : Any
WAN : Any
Source : 192.168.175.0/24 (Branch A LAN)
Destination: Any
Policy: Deny

My assumption would be that the rule “WAN:Any” does not care about VPN traffic?


#4

Hello,

The below rules should work so Branch A cannot access Branch B and vice versa.




#5

These firewall rules should work; however, you can also control this from the HQ 380 central location.


#6

Hi Ron, that would be preferred!

I tried that first.

On the 380 I put both Inbound and Outbound rules to Deny Branch A subnet from Branch B subnet.

However, I am still able to ping from a PC at Branch A to a PC at Branch B.


#7

Jarid, that is how I have it set up.

Branch A (192.168.175.x)


Branch B (192.168.176.x)


Unless I’m missing something basic (always possible)


#8

Hello Jason,

If you could open a support ticket, one of our technical support members will be able to take a look and assist you to get everything working properly.

http://cs.peplink.com/contact/support/


#9

Thanks, that’s what I’ll do.
I have to get these out the door but will follow up with a support ticket next week.


#10

Any resolution on this ticket? I am having the same issue limiting PepVPN traffic using rules.


#11

I would check and make sure the devices are on current 6.2.0 firmware as well. If they are and there is still an issue, I would appreciate it if you could create a ticket for support to look further.


#12

Upgrading to 6.2.0 resolved the problem! Thank you!!


#13

Hi,

I believe this has been resolved.
https://forum.peplink.com/threads/4527-Block-certain-IP-addresses-from-access-PepVPN-SpeedFusion-End-Points