I have a Cisco PIX 506E and have an outside vendor that wants to VPN\ninto our network to a specific host. I have setup a pptp vpn\nconfiguration that works, but I now want to restrict who can establish\na vpn connection to the pix. The configuration I have today is:\n\naccess-list vpn permit ip 172.16.0.0 255.255.0.0 192.168.2.0\n255.255.255.0\nnat (inside) 0 access-list vpn\nsysopt connection permit-pptp\nvpdn group 1 accept dialin pptp\nvpdn group 1 ppp authentication pap\nvpdn group 1 ppp authentication chap\nvpdn group 1 ppp authentication mschap\nvpdn group 1 client configuration address local pptp-pool\nvpdn group 1 pptp echo 60\nvpdn group 1 client authentication local\nvpdn username ***** password *****\nvpdn enable outside\n\nThis works, but anyone can start a tunnel to my pix. How do I\nrestrict who can establish a vpn to this device? Is it through normal\nacls or object-groups? If so, how do I associate them to the vpdn\ngroup?\n\nThanks in advance for any help!