I have created an access-list that provides access from portions of this subnetted network, 172.16.15.0/21, across an IPsec tunnel to the 172.16.0.0/21 network. I cannot access any port across the IPsec tunnel except ICMP dst ports. Here is my PIX ACL:
access-list 101 permit ip 172.16.10.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list 101 permit ip 172.16.10.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list 101 permit ip 172.16.8.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list 101 permit ip 172.16.8.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list 101 permit ip 172.16.8.0 255.255.255.0 172.16.4.0 255.255.255.0
access-list 101 permit ip 172.16.8.0 255.255.255.0 172.16.5.0 255.255.255.0
access-list 101 permit ip 172.16.8.0 255.255.255.0 172.16.6.0 255.255.255.0
access-list 101 permit ip 172.16.8.0 255.255.255.0 172.16.7.0 255.255.255.0
access-list 101 permit ip 172.16.10.0 255.255.255.0 172.16.4.0 255.255.255.0
access-list 101 permit ip 172.16.10.0 255.255.255.0 172.16.5.0 255.255.255.0
access-list 101 permit ip 172.16.10.0 255.255.255.0 172.16.6.0 255.255.255.0
access-list 101 permit ip 172.16.10.0 255.255.255.0 172.16.7.0 255.255.255.0
access-list 101 permit ip 63.97.183.0 255.255.255.0 172.16.4.0 255.255.255.0
access-list 101 permit ip 63.97.183.0 255.255.255.0 172.16.2.0 255.255.255.0