I have BM3.8 (no service packs) set up and working. I have created a VPN traffic rule to allow our department to access all of the internal hosts on our network and another rule (according to Craig's book) to not encrypt the Internet traffic. This works perfectly. Now, however, I need to allow access to our network via VPN to some outside agencies, and they are to be allowed access to only 2 hosts. On my first attempt, I created one rule that specified the user and only allowed the 2 hosts to be accessed. This did not work. On my 2nd attempt, I created one rule that denied the user everything and another rule to access only the 2 allowed hosts. This did not work either. In both scenarios, I could access everything while VPN'd in as that user. I have also tried changing the position of the rules (both at the top and at the bottom) with no luck.

This seems like a straightforward process, but I must be missing something?