DescriptionThis article explains how to provide IPsec VPN access for specific MAC addresses.
Solution1) Create policy based VPN phase1 and phase2.
2) Create IPsec firewall policy.
3) Go to system >> Network >> Interface >> edit "WAN interface" >> enable "DHCP server".
(a) Set the DHCP IP range, then select "Advanced" and set Mode as server.
(b) Create New and add the MAC address, IP address and set action as reserve lastly add "Unknown MAC address" action to block.
(c) Set the Type as "IPsec".
DHCP IP reservation can also be configured through CLI.
config system dhcp server
edit 2
set dns-service default
set interface "wan1"
config ip-range
edit 1
set end-ip 10.201.201.20
set start-ip 10.201.201.10
next
end
set mac-acl-default-action block
set netmask 255.255.255.0
config reserved-address
edit 1
set ip 10.201.201.15
set mac 00:22:19:17:c2:03
next
end
set server-type ipsec
next
end