Hi shobithk,
You can restrict users to access only certain servers. You can do it in the following ways:
1) You can configure/alter the inside access list on the PIX. You can allow access to the IP pool (local) from only specified servers, which will restrict access. For example, if the server IP is 192.168.1.1 and the IP pool assigned is 10.10.10.0/24, you can add the following on the inside interface:
access-list inside permit ip host 192.168.1.1 10.10.10.0 255.255.255.0
Other traffic from the IP pool never reaches out of the PIX.
2) If you have an ACS server, you can configure downloadable access-lists, user based. After authentication, ACS will see the user and apply a particular access list on the VPN client. You can search for the "downloadable ACLs in ACS" topic on CCO.
3) In case you have a VPN concentrator, you can apply firewall policies for the VPN clients, which will restrict access. Unfortunately, PIX doesn't support this. You should have a VPN 30xx concentrator for this.
4) If needed, you can enable split tunneling and restrict access through the IPsec tunnel. You can configure access-lists, which will allow only the specified traffic to pass through the tunnel. All the other traffic is put onto the LAN card. This is generally not advisable, though!!!
access-list 100 permit ip 10.10.10.0 255.255.255.0 host 192.168.1.1
vpngroup abc split-tunnel 100
Thus, traffic only to 192.168.1.1 is allowed on the tunnel. Other traffic is blocked.
5) In case you have a layer 3 switch inside, you can restrict the access to the LAN there. You can put ACLs on the VLAN and restrict.
Hope this helps. You can choose any one of the above solutions for your scenario. All the best... rate replies if found useful.
Raj
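
To check that an inside ACL like the one in option 1 really limits the VPN pool to the intended server, the following added example (not part of Raj's reply and not Cisco code) parses PIX-style `access-list ... ip` lines and evaluates flows first-match with the implicit deny. The sample config, the extra inside host and all function names are constructed for illustration; only `ip` entries with `any`, `host A` or `NET MASK` address specs are handled.

```python
import ipaddress

# Constructed sample using the addresses from the post (server, VPN pool).
SAMPLE_CONFIG = """\
access-list inside permit ip host 192.168.1.1 10.10.10.0 255.255.255.0
"""

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'NET MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def parse_acl(config, acl_id):
    """Return the ordered (action, src_net, dst_net) 'ip' entries of one ACL."""
    rules = []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[1] != acl_id or t[3] != "ip":
            continue
        rest = t[4:]
        try:
            src, dst = _take_addr(rest), _take_addr(rest)
        except IndexError:
            raise ValueError(f"incomplete ACL line: {line!r}")
        if rest:
            raise ValueError(f"unexpected trailing tokens: {line!r}")
        rules.append((t[2], src, dst))
    return rules

def decide(rules, src, dst):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def hosts_reaching(rules, inside_hosts, client):
    """Inside hosts whose traffic to one VPN pool address is permitted."""
    return [h for h in inside_hosts if decide(rules, h, client) == "permit"]

if __name__ == "__main__":
    rules = parse_acl(SAMPLE_CONFIG, "inside")
    # Hypothetical inside hosts; only the first is the server from the post.
    print(hosts_reaching(rules, ["192.168.1.1", "192.168.1.2"], "10.10.10.25"))
```

Feeding it the ACL lines from a saved configuration together with a list of inside hosts shows which of them a pool address can exchange traffic with before the change is deployed.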