Several EdgeRouters running IPsec site-to-site tunnels between them, just routing between the subnets by specifying the local and remote subnets in the config:
    set vpn ipsec site-to-site peer remotesite.no-ip.ca tunnel 1 local prefix 10.249.0.0/24
    set vpn ipsec site-to-site peer remotesite.no-ip.ca tunnel 1 remote prefix 10.249.16.0/24
I don't want to switch to using VTI interfaces, but I'm looking to block certain traffic between subnets. It seems like I can block traffic going to the router interface by using firewall rules on WAN_LOCAL, but if I'm trying to block traffic to certain hosts using WAN_IN it doesn't work.
Any suggestions?