I have a working Site-to-Site VPN between ana ASA and a PIX
But the client wants to add more security on the VPN, he needs to allow only the HO users (behind the PIX) to access the branch (Behind ASA), while denying the Branch Users to initiate new sessions.
the security concept is like if you had the Branch user on a DMZ zone and the HO users on the Inside.
Can this security policy be done??