Restricting access over IPSec VPN

Hi, how do I restrict the access from my clients' machines to our machines over an IPSec VPN tunnel? I have already implemented a solution where I allowed full IP-IP access on the actual VPN tunnel on the VPN firewall but restricted the access to the machine, which is behind another firewall.

Now, how do I restrict the access to a machine which is directly behind the VPN firewall?

Can anyone suggest?

kskr_networks asked:

noci (Software Engineer) commented:
First, what equipment is used for terminating the IPSec VPN?
That's the box that needs to do the filtering.
kskr_networks (Author) commented:
It's a Cisco ASA 5520.
noci (Software Engineer) commented:
Then you have a statement like:

crypto map mymap 10 ipsec-isakmp
 set peer other.router.ip.address
 set transform-set some-transform-set
 match address 100
!

where filter 100 is the address filter for the addresses that need to go through the tunnel,
so by restricting what you allow in the filter you restrict what can be passed on.
The filter needs to be the same (opposite order).
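Worked out as an added example (not part of noci's answer or the thread's own configuration): an ASA crypto ACL that carries only the traffic between the remote client subnet and the single server sitting directly behind the VPN firewall, with the mirrored peer entry and the post-decryption filtering caveat a practitioner would want. All addresses, ACL names and the peer IP are constructed placeholders; the crypto map syntax follows the snippet in the answer above.

```text
! --- Added example, not the thread's own config. Addresses are constructed. ---
! Local LAN behind the ASA: 10.1.1.0/24; server to expose: 10.1.1.20
! Remote client subnet:     192.168.50.0/24; peer address: 203.0.113.5
!
! Weak (the "full IP-IP" entry from the question): every local host is
! reachable from every client host once the tunnel is up.
!   access-list vpn_to_clients extended permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
!
! Restricted: only the one server matches the crypto ACL. Traffic to any
! other local host never matches the SA selector and is not carried.
access-list vpn_to_clients extended permit ip host 10.1.1.20 192.168.50.0 255.255.255.0
!
crypto map mymap 10 match address vpn_to_clients
crypto map mymap 10 set peer 203.0.113.5
crypto map mymap 10 set transform-set some-transform-set
crypto map mymap interface outside
!
! The peer must hold the exact mirror (source and destination swapped),
! otherwise phase-2 negotiation fails on the proxy-identity mismatch:
!   access-list vpn_to_hq extended permit ip 192.168.50.0 255.255.255.0 host 10.1.1.20
!
! Caveat: by default the ASA lets decrypted VPN traffic bypass the interface
! ACL (sysopt connection permit-vpn). To add port-level control after
! decryption, disable that bypass so the outside interface ACL applies
! (merge this ACE into whatever outside_in already holds), or attach a
! vpn-filter ACL to the tunnel's group-policy.
no sysopt connection permit-vpn
access-list outside_in extended permit tcp 192.168.50.0 255.255.255.0 host 10.1.1.20 eq 443
access-group outside_in in interface outside
```

Verify with `show crypto ipsec sa` that the negotiated local/remote identities are the host and the client subnet rather than the full LAN, and with `show access-list outside_in` that the hit counters move when a client connects.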
