Hi all. My headquarters office is link to all other subsidiary office using site to site vpn. Currently i need to implement an accesslist on each of the pix/asa firewall of my subsidiary to limit what they can access on my headquarters. This accesslist is applied to the inside interface of my subsidiary firewalls. Hence i would like to know if it is possible to do the restriction of incoming traffic from site to site vpn on my headquarters asa5510 firewall instead of implementing the restriction on each of my subsidiary firewall. Thks in advance.