So i am setting up somethign in my lab and ran into an issue that i can't find a solution for

1.  i want to do a full tunnel and allow the users who log into to access specific servers .

2. i want all internal (on my company's network) computers to be able to connect to the Network Connected computers but the Network connected computers should not be able to initiate a connection to all of my Internal (on my company's network) computers except the ones i specified in step 1.

If i setup the ACL policy like

10.x.x.x.:81

10.x.x.x.:8443

etc

this does the part of the problem. But where do i allow the inbound traffic? All the inbound traffic from the internal network to the network connected computers is blocked by the IVE. i know this because there is no firewall in this lab setup between my internal network and the network connected IP addresses.

The only way i can allow internal computers to talk to the network connected computers is by adding the specific ip address of the internal computer and specify 10.1.2.3:* or if i do *.* as the policy.