Configuring a Remote Access VPN on a Cisco VPN Concentrator 3060 and limiting what users can access
Posted on 2011-03-14
I just inherited a new network, and I'm in the middle of trying to lock down remote users for security reasons. Right now users that work from home remote in using the Cisco VPN Client. The remote access VPN is configured on a Cisco VPN Concentrator 3060. The LAN that users remote into is 10.10.0.0/16, which is a huge subnet, I know, but it was already set up and working when I took this over. If I log in to the Cisco VPN Concentrator, the IP pool for the remote users is 10.10.248.1 - 10.10.255.254 255.255.0.0.

Users that log in to the remote access VPN only need access to 6 servers, not the entire 10.10.0.0/16 network. Is there a place on the concentrator where I can limit what internal IPs these remote users are allowed to access? My LAN switches consist of Cisco 3550s, and I use a Cisco ASA5520 as my firewall. The DHCP pool is in the same network as the LAN, so I'm not sure how to limit remote users to what they can access.

Any assistance would be greatly appreciated. Thanks.