I am having difficulty configuring the VPN access-lists on a LAN-to-LAN IPSec tunnel between a Cisco PIX and a Juniper SSG 20. I'm running PIX version 7.1(2) and I have sysopt connection permit-vpn enabled, which, from what I understand, would then force access-list restrictions to be determined by the VPN group-policy and the access-list specified by the vpn-filter value setting. Currently, I am able to set traffic restrictions for the tunnel on the SSG, but I would prefer to be able to do this on the PIX. If I remove the traffic restrictions set on the SSG, then I have unfiltered access to the hosts on the PIX side of the tunnel. This is the case whether or not I have an access-list specified for the vpn-filter value setting. Is there something else simple that I'm missing?
Thanks, Lone