Hi.
I have one SoftEtherVPN server, one client PC and two virtual machines.
I've configured one hub and two users - client1 and client2.
SoftEtherVPN server - 192.168.20.10, windows server 2012R2
client pc - 192.168.20.10, windows 7
VM1 - IP 172.40.0.10 windows 7
VM2 - IP 172.40.0.10 windows 7
VPN - L2TP with pre-shared key.
When I connect from the client PC as user client1, I can ping VM1 and VM2, but I want to configure the Access List so that I can ping only VM1 and cannot ping VM2 or other VMs.
I've configured 2 rules - Pass IP VM1 and Discard all destination addresses, but in this case I cannot ping VM1!
Why?
I want client1 to be able to ping only VM1 and not any other machine.
I see the note: "IP packets that did not match any access list items can pass".
Can I change it to "IP packets that did not match any access list items are DISCARDED"?
Access List in Hub
-
- Posts: 370
- Joined: Fri Oct 18, 2013 8:15 am
Re: Access List in Hub
SoftEtherVPN server - 192.168.20.10, windows server 2012R2
client pc - 192.168.20.10, windows 7
---
VM1 - IP 172.40.0.10 windows 7
VM2 - IP 172.40.0.10 windows 7
---
Typo?
-
- Posts: 4
- Joined: Tue Aug 12, 2014 11:57 am
Re: Access List in Hub
Sorry :)
VM1 - IP 172.40.0.10 windows 7
VM2 - IP 172.40.0.11 windows 7
The client PC establishes a VPN connection to the SoftEtherVPN server and gets a private IP from the range 172.40.0.0/24.
-
- Posts: 4
- Joined: Tue Aug 12, 2014 11:57 am
Re: Access List in Hub
When I create an Access List item with action Pass to IP 172.40.0.10 with priority 100, I can ping 172.40.0.10/32.
After that I create an Access List item with action Discard to IP 172.40.0.10/32 with priority 101, and I cannot ping 172.40.0.10.
Does anybody know why?
Which rules should I create to enable connections to 172.40.0.11 and disable connections to 172.40.0.0/24?
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Access List in Hub
Please add a rule to pass the opposite packet.
-
- Posts: 4
- Joined: Tue Aug 12, 2014 11:57 am
Re: Access List in Hub
I can't do it - I should create a lot of rules.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Access List in Hub
Why?
You should add two rules in Access List.
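A small model of the behaviour discussed in this thread, added here as an illustration (it is not SoftEther code and was not posted by any participant). It assumes rules are checked in ascending priority number, the first match decides, and unmatched packets pass as the hub's note says; the client address 172.40.0.50 is constructed.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Rule(NamedTuple):
    priority: int   # assumption: lower number is evaluated first
    action: str     # "pass" or "discard"
    src: str        # source network in CIDR form
    dst: str        # destination network in CIDR form

ANY = "0.0.0.0/0"
CLIENT = "172.40.0.50"   # constructed: address leased to the VPN client
VM1, VM2 = "172.40.0.10", "172.40.0.11"

def decide(rules, src, dst):
    """First matching rule wins; a packet matching no rule passes."""
    for r in sorted(rules, key=lambda r: r.priority):
        if ip_address(src) in ip_network(r.src) and ip_address(dst) in ip_network(r.dst):
            return r.action
    return "pass"

def ping_works(rules, client, target):
    """A ping needs the echo request AND the echo reply to get through."""
    return (decide(rules, client, target) == "pass"
            and decide(rules, target, client) == "pass")

# The two rules from the first post: pass to VM1, then discard everything.
one_way = [
    Rule(100, "pass", ANY, VM1 + "/32"),
    Rule(200, "discard", ANY, ANY),
]

# Same list plus the "opposite packet" rule for traffic coming back from VM1.
two_way = one_way + [Rule(101, "pass", VM1 + "/32", ANY)]

if __name__ == "__main__":
    for name, rules in (("one_way", one_way), ("two_way", two_way)):
        print(name,
              "request:", decide(rules, CLIENT, VM1),
              "reply:", decide(rules, VM1, CLIENT),
              "ping VM1:", ping_works(rules, CLIENT, VM1),
              "ping VM2:", ping_works(rules, CLIENT, VM2))
```

With the original two rules the echo request reaches VM1 but the reply, whose destination is the client, falls through to the discard rule; the second pass rule is what lets the reply back while VM2 stays blocked.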