Hi
I'm thinking about getting a draytek 2860 router to replace an Asus RT 68AC

What I'd like to do is use the IPSEC VPN to connect to a remote site, but I only want that to have specific access to my LAN.
Can I configure it to only be able to talk to specific IP Addresses ? or certain port based VLANs ?

Thanks

Access through the VPN tunnel can be restricted based on LAN IP/subnet when creating the tunnel.
It can also be done using the firewall (which is what I recommend) by making filter rules to control access between the networks, with the filter rule direction of "LAN/RT/VPN > LAN/RT/VPN" for LAN to LAN VPN traffic.

Thanks - will this work if all LAN devices are in the same IP Range 192.168.1.xxx, but I only want the VPN to have access to 192.168.1.11/12 ?

Yes, you could create a filter rule to allow access to those two IPs (either as a range or individual IP objects), then a rule after that would block access to the rest of the subnet.