I'm not even sure how to title this conversation, but here goes. We have a hub-and-spoke VPN setup with a 515E as the headend. There are PIX 501s at the remote locations. I have several remote sites connecting to the PIX server, but not to each remote location. For server administrative purposes, I'd like to be able to allow the remote site to be able to at least VNC or Remote Desktop thru the tunnels.
Is this possible? What are the security implications? What would the access-list look like? Are the access-lists on the PIX head end only, or are there access-lists on all firewalls allowing traffic thru?
Some sites are Easy VPN and others are Site to Site.
Thanks in advance for any advice,