Hi,
You could use a control plane ACL on the ASA to restrict access. E.g.
object-group network ALLOWED_RAVPN
network-object host 11.1.1.1
network-object host 12.1.1.1
access-list CPLANE extended permit tcp object-group ALLOWED_RAVPN interface OUTSIDE eq https
access-list CPLANE extended permit udp object-group ALLOWED_RAVPN interface OUTSIDE eq isakmp
access-list CPLANE extended permit udp object-group ALLOWED_RAVPN interface OUTSIDE eq 4500
access-list CPLANE extended permit esp object-group ALLOWED_RAVPN interface OUTSIDE
access-list CPLANE extended deny ip any any
access-group CPLANE in interface OUTSIDE control-plane
HTH