I've got a 2820 and have it set up for incoming VPN connections to use L2TP with IPSec/ESP/IKE.

I'd like to set up the firewall so that only these incoming VPN sessions are allowed (no outgoing traffic).

Am I right in thinking I just need to allow the various IPSec UDP ports and block all others?