I have a LAN-to-LAN IPsec VPN working (PIX501), but I would like to restrict the access from LAN A to LAN B. I tried to use the "no sysopt connection permit-ipsec" command with some changes in the ACCESS-LIST bound to the outside interface. It did not work. Any help would be welcome (doc, previous experience, etc.).
What you were trying to do is totally correct... The other way is that if you want to restrict traffic at the IP layer and not layer 4, then you can restrict in the nat 0 access-list.
Otherwise, removing the sysopt and then restricting the access in the access-list bound to the outside interface is the right way... Unfortunately, Cisco does not have any document for specifically doing this.
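One way the approach described in the reply above could look on the PIX in front of LAN B, as an added example that is not from the original thread. PIX 6.x syntax is assumed, and the ACL name `outside_in` and all addresses are constructed placeholders.

```text
: Added example, not from the thread. PIX 6.x syntax assumed.
: Constructed values:
:   LAN A (remote side of the tunnel) = 192.168.1.0/24
:   LAN B (local, behind this PIX)    = 192.168.2.0/24
:   192.168.2.10 = the only LAN B host that LAN A may reach
:   outside_in   = hypothetical ACL name

: Stop decrypted IPsec traffic from bypassing the interface access lists.
no sysopt connection permit-ipsec

: Decrypted tunnel traffic is now checked against the ACL bound to the
: outside interface. Entries are evaluated top-down, first match wins.
access-list outside_in permit tcp 192.168.1.0 255.255.255.0 host 192.168.2.10 eq www
access-list outside_in permit icmp 192.168.1.0 255.255.255.0 host 192.168.2.10 echo
access-list outside_in deny ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
: Entries already required for non-VPN inbound traffic stay in this same ACL,
: below the deny line, because only one ACL can be bound per interface.

access-group outside_in in interface outside

: Check the hit counters while testing from LAN A: the permit lines should
: count allowed sessions and the deny line everything else from LAN A.
show access-list outside_in
```

Sessions opened from LAN B toward LAN A are not affected by these entries, since the PIX permits the replies statefully.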
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...