Ok so there are multiple ways actually to do this depend upon situation.
1) If users are locally authenticated then you can create ACL call that under group-policy as VPN filter.
For ex,
access-list 104 extended permit ip <10.10.200.0 255.255.255.0>
group-policy xxxx internal
group-policy xxxx attributes
vpn-filter value 104
2) You can configure same thing for users if authenticated locally.
username xxxx attributes
vpn-filter value 104
3) If user auth is configured on ACS then you can also control access by using downlodable access list.
Thanks
Ajay