You can add ACL's to VPN user via Group Policy.
I'm not sure what you are tying to accomplish. Maybe Webmail access from the VPN to the barracuda?
Do you have a NAT Exemption statement for the VPN IP's to the barracuda?
Hope this helps,
Aaron Magruder
NonStop Networks, LLC
http://www.nonstopnetworks.net