I have a question in regards to LAN-to-LAN tunnel with a vendor(extranet) using a VPN 3005. We would like to initiate the connection from our side only and on our side only have the ability to initiate connections to computers on the vendor's side; and on the vendor's side disable their ability to initiate connections to our computers on our side while the tunnel is up. Is this possible? Or, will we need some IPS/IDS to stop initial connections from the vendor's side. I hope this is clear enough.