I have windows pptp vpn access setup on an 1841 router. i need to be able to restrict access to internal hosts for VPN users. i have tried 'username access-class', but it does not seem to be working, unless i am just formatting my access list wrong or something.
username vpntest access-class 150 password test
access-list 150 permit ip 192.168.85.0 0.0.0.255 host 10.1.16.67
access-list 150 deny ip any any
VPDN pool is 192.168.85.0/24, main internal network is 192.168.80.0/24, with several others also (10.1.16.0/24).
in the example above, i want the VPN user to only be able to access that perticular host. however when i login, i can ping any host.