Hi All,

I want to setup site to site VPN tunnels from our support site to the customer end. We run into a problem where the customer site can see our entire LAN and all the machines on it.

Is there a way to stop this behavior. So we can see the sites LAN but the site cant see our machines. As we want to start sending there backups to our colo via the VPN. This is possible on a Fortinet to Draytek LAN-LAN which we have tested from another site.

Many thanks

Robin

Set up Firewall filter rules to block traffic in that direction, so that incoming traffic from the VPN tunnel is blocked.

To do that, set up a rule in Filter set 2 with the direction of VPN > VPN
Source IP: Remote subnet
Destination IP: Local subnet
Service Type: any
Action: Block

That should then limit access over the VPN so that your network can access the remote side but the remote side cannot connect directly to your network.

Thank you for your reply.

Could you point me on where to do this please?

Im using a 2830

Thank you

Just an update.

I found where I needed to be. Followed your instructions to the T and it worked a treat! Thank you very much!