Not able to connect to other pod IP from other pod when enabling REGISTRY_ONLY in mode of config in egress gateway of Istio
```yaml
apiVersion: v1
data:
  mesh: |-
    accessLogEncoding: TEXT
    accessLogFile: /dev/stdout
    accessLogFormat: ""
    defaultConfig:
      concurrency: 2
      configPath: ./etc/istio/proxy
      connectTimeout: 10s
      controlPlaneAuthPolicy: NONE
      discoveryAddress: istiod.istio-system.svc:15012
      drainDuration: 45s
      parentShutdownDuration: 1m0s
      proxyAdminPort: 15000
      proxyMetadata:
        DNS_AGENT: ""
      serviceCluster: istio-proxy
      tracing:
        zipkin:
          address: zipkin.istio-system:9411
    disableMixerHttpReports: true
    disablePolicyChecks: true
    enablePrometheusMerge: false
    ingressClass: istio
    ingressControllerMode: STRICT
    ingressService: istio-ingressgateway
    outboundTrafficPolicy:
      mode: REGISTRY_ONLY
    excludeIPRanges: ""
    protocolDetectionTimeout: 100ms
    reportBatchMaxEntries: 100
    reportBatchMaxTime: 1s
    sdsUdsPath: unix:/etc/istio/proxy/SDS
    trustDomain: cluster.local
    trustDomainAliases: null
  meshNetworks: 'networks: {}'
kind: ConfigMap
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","data":{"mesh":"accessLogEncoding: TEXT\naccessLogFile: /dev/stdout\naccessLogFormat: \"\"\ndefaultConfig:\n concurrency: 2\n configPath: ./etc/istio/proxy\n connectTimeout: 10s\n controlPlaneAuthPolicy: NONE\n discoveryAddress: istiod.istio-system.svc:15012\n drainDuration: 45s\n parentShutdownDuration: 1m0s\n proxyAdminPort: 15000\n proxyMetadata:\n DNS_AGENT: \"\"\n serviceCluster: istio-proxy\n tracing:\n zipkin:\n address: zipkin.istio-system:9411\ndisableMixerHttpReports: true\ndisablePolicyChecks: true\nenablePrometheusMerge: false\ningressClass: istio\ningressControllerMode: STRICT\ningressService: istio-ingressgateway\noutboundTrafficPolicy:\n mode: REGISTRY_ONLY\nexcludeIPRanges: \"\"\nprotocolDetectionTimeout: 100ms\nreportBatchMaxEntries: 100\nreportBatchMaxTime: 1s\nsdsUdsPath: unix:/etc/istio/proxy/SDS\ntrustDomain: cluster.local\ntrustDomainAliases: null","meshNetworks":"networks: {}"},"kind":"ConfigMap","metadata":{"annotations":{},"labels":{"istio.io/rev":"default","release":"istio"},"name":"istio","namespace":"istio-system"}}
  creationTimestamp: "2021-01-04T10:57:02Z"
  labels:
    istio.io/rev: default
    release: istio
  name: istio
  namespace: istio-system
  resourceVersion: "3289298"
  selfLink: /api/v1/namespaces/istio-system/configmaps/istio
  uid: a912bef1-4be2-4a48-a632-0495a79cc880
```
But when I set the mode to ALLOW_ANY, it is able to connect to the other pod using the pod IP. We want to block external calls from the cluster but want to allow pod-to-pod communication using IP.

I tried to add excludeIPRange and includeIPRange, but it's still not able to make a pod-to-pod connection with the pod IP.