I have created a site to site tunnel between two organizations. Org A wants to limit Org B to specific TCP ports on the destination hosts. Can this be done on the Org A PIX? I believe I could limit it by changing the cryptomap ACL on the Org B PIX, but then Org A does not control the access in.
Any suggestions appreciated.