Here is the procedure of restrict access to only 1 host on the LAN for VPN.
Create a new group-policy that has the split-tunnel with only the host/network I want the VPN user to access. Then create a ACL to only allow network access to what you want. Apply this ACL to the GP with the following command: vpn-filter value (you have to apply this when you are in the GP attributes). Then make a new group-tunnel and tie it back to the new GP. Now you can give this user the new PCF and the user will be locked down to the host / network you specified.
I hope this guide helps you, If you want to do that with VPN for security so check this Fastest VPN Service list.