
Restrict the access to VPN IPsec remote access to some public addresses

mounir16113
Level 1

Dears,

I want to restrict the access to VPN IPsec remote access to some public addresses.

Can I do that with an ASA5512, version 9.1?

1 Reply

Hi,

You could use a control plane ACL on the ASA to restrict access. E.g.

 

object-group network ALLOWED_RAVPN
 network-object host 11.1.1.1
 network-object host 12.1.1.1

access-list CPLANE extended permit tcp object-group ALLOWED_RAVPN interface OUTSIDE eq https
access-list CPLANE extended permit udp object-group ALLOWED_RAVPN interface OUTSIDE eq isakmp
access-list CPLANE extended permit udp object-group ALLOWED_RAVPN interface OUTSIDE eq 4500
access-list CPLANE extended permit esp object-group ALLOWED_RAVPN interface OUTSIDE
access-list CPLANE extended deny ip any any

access-group CPLANE in interface OUTSIDE control-plane

 HTH
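
As an added example that is not part of the original reply or any Cisco tooling: a Python sketch that renders the same control-plane ACL from an allowlist, going slightly beyond the reply by also accepting CIDR prefixes. The function names and the 198.51.100.0/24 sample are assumptions; the default object-group, ACL and interface names are the ones used in the reply.

```python
"""Render an ASA control-plane ACL limiting remote-access VPN to an allowlist."""
import ipaddress

# Services the reply's ACL opens to the ASA itself: (protocol, port or None).
RAVPN_SERVICES = [("tcp", "https"), ("udp", "isakmp"), ("udp", "4500"), ("esp", None)]


def network_object(entry):
    """Return the network-object line for one IPv4 host or CIDR prefix."""
    # strict=True rejects prefixes with host bits set, e.g. 198.51.100.5/24.
    net = ipaddress.ip_network(entry.strip(), strict=True)
    if net.version != 4:
        raise ValueError(f"IPv4 only in this sketch: {entry}")
    if net.prefixlen == 0:
        raise ValueError("0.0.0.0/0 would permit every source")
    if net.prefixlen == 32:
        return f" network-object host {net.network_address}"
    return f" network-object {net.network_address} {net.netmask}"


def render_cplane(allowed, interface="OUTSIDE", group="ALLOWED_RAVPN", acl="CPLANE"):
    """Build the object-group, ACL and access-group lines as a list of strings."""
    objects = []
    for entry in allowed:
        line = network_object(entry)
        if line not in objects:  # drop duplicates, keep the original order
            objects.append(line)
    if not objects:
        raise ValueError("empty allowlist: the ACL would deny all VPN clients")
    lines = [f"object-group network {group}", *objects]
    for proto, port in RAVPN_SERVICES:
        rule = (f"access-list {acl} extended permit {proto} "
                f"object-group {group} interface {interface}")
        lines.append(rule + (f" eq {port}" if port else ""))
    lines.append(f"access-list {acl} extended deny ip any any")
    lines.append(f"access-group {acl} in interface {interface} control-plane")
    return lines


if __name__ == "__main__":
    # 11.1.1.1 and 12.1.1.1 come from the reply; the /24 is a constructed sample.
    print("\n".join(render_cplane(["11.1.1.1", "12.1.1.1", "198.51.100.0/24"])))
```

Review the rendered lines before pasting them into the ASA, since the final deny applies to all traffic addressed to that interface, not only VPN.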
