We are a small company running an ASA 5505 and up until today, we've had about 10 mobile VPN users connecting from wherever they can get wireless access. Today we setup a seperate group tunnel for a development team that will also need access to the VPN. There are only a few with the company that need access and they do not want to setup a lan2lan vpn. We created IPSEC-ra accounts for these users but now we want to make sure they only access our VPN from their location which has a static IP. No programmers should be accessing the network from home or any other remote location. Is it possible to setup a configuration where the mobile users can connect from any source IP however the developers are teathered to one?