How to limit a group's acces to one host inside the network

I have created a group to which I want to give access to a single server for their dev. work.  How can I limit them to just that IP?  I tried creating a filter and applying a rule for the group but they can still ping other machines.  The rule drops by default unless they try to hit the machine I want them to access.  Its like the rule isn't working.  I know I am missing something simple but I can't see it.
Who is Participating?
Alan Huseyin KayahanConnect With a Mentor Commented:
  Hi freymish
        Following is an example, I hope you find out what you have missing after comparing. Lets say that is the inside server that you want to allow access only

ip local poo VPNpool netmask
tunnel-group TestVPN general-attributes
 address-pool VPNpool
 default-group-policy TestPolicy

group-policy TestPolicy attributes
  vpn-filter value restrict_ACL

access-list restrict_ACL permit tcp host eq 3389
access-list restrict_ACL deny ip any any
Voltz-dkConnect With a Mentor Commented:
If it isn't a must that they need to tunnel everything, the easiest way is to make a split-tunnel for that 1 IP.
All Courses

From novice to tech pro — start learning today.