[c-nsp] (ASA) IPSec RA VPN, limit session peer IP addresses?

[Peter Rathlev]

Does anyone know if there's a way (on an ASA) to limit what source IP
addresses can establish an IPSec Remote Access VPN (Cisco VPN client
style) against a specific group?

The "vpn-filter" specifies what addresses one can reach after login, but
I would also like to limit what addresses (from the Internet) can login
in the first place. I cannot seem to find any knobs to limit this.

If there is a way using IOS instead I'm interested too.

Thanks in advance.

-- 
Peter