Extensible Authentication Protocol (EAP) authentication is not based on Windows, and access rules applied to Windows users or groups are not applied to users authenticating with EAP.
Enable user mapping for these users. Using Forefront TMG user mapping, you can map users that do not use Windows to Windows accounts. Configure user mapping on the User Mapping tab of the VPN Clients properties. Alternatively, you can create a RADIUS user set for these users, so that access rules can be applied to them.