HI,
In org A crypto map you could specify the source and the destination ports that u would allow for access from org B in the crypto ACL .
For example :
access-list ACL extended permit tcp host 10.19.61.15 eq 8888 host 192.16.157.123
(this will allow inbound access from org B to org A on port 8888 only )
access-list ACL extended permit tcp host 10.19.61.15 host 192.16.67.122 eq 80 (outbound access to org b only on port 80)
Raj