thanks but the setup is like
IPSec server(Public IP)>>Some other ISP>>(WAN Public IP)My Router>>End customer(Sonic Wall)(have public ip from me)
i am using the firewall rule in My Router all of these have public ips and i am using OSPF in my router
If you want to keep them out of the hotspot and always authenticated then you should only have to put accept rules into the firewall filter like these
add src-address=x.x.x.x/32(remote side) dst-address=x.x.x.x/32(your customers ip) action=accept
add src-address=x.x.x.x/32(your customers IP) dst-address=x.x.x.x/32(remote side) action=accept
Put these in your whitelist section/ or the first two rules in /ip firewall filter to allow this past the hotspot/firewall system.
Ryan