I have a site 2 site vpn between the above nodes and working ok.

On the pix I have an access rule set up to allow inside network ( access to outside network (

On the BM 3rd Party Rules I have set up the 3rd Party Protected network as and the NBM Protected Network as

All works great and I can access anything on network from the network.

However what I would like to do is open up the rules on the pix to allow the inside network access to anything on the outside interface. I would then like to control access to individual hosts on the network by adding the hosts to the NBM Protected List (but not having the network entry in the list). This way I never have to change the pix access rules and all access is controlled by updating the BM server rules.

However it does not work when the pix and BM rules do not match. I have read on the internet that they must match but I cannot understand why.

Could anyone help me by explaining why this is and if there is some workaround?
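Added illustration, not part of the original post and not Cisco or Novell code: a small Python model of why the two ends' rules have to be mirror images. On an IPsec site-to-site tunnel the PIX crypto ACL and the BorderManager protected-network entries become the Phase 2 proxy identities (traffic selectors), and in IKEv1 quick mode the peer must offer the exact mirror of the initiator's pair, prefix length included; a host address that merely falls inside a wider range on the other side is not accepted. All addresses below are constructed placeholders, and the three scenario functions are hypothetical names chosen for this example.

```python
from ipaddress import ip_network

# Constructed sample addresses (placeholders, not taken from the original post).
PIX_INSIDE = "10.1.0.0/24"               # network behind the PIX
BM_NETWORK = "10.2.0.0/24"               # network behind the BorderManager server
BM_HOSTS = ["10.2.0.10/32", "10.2.0.20/32"]  # individual hosts the poster wants to expose


def is_mirror(pix_selector, bm_selector):
    """A PIX crypto-ACL entry (src, dst) and a BM entry (NBM protected,
    3rd-party protected) mirror each other only when the PIX source equals
    the BM 3rd-party side and the PIX destination equals the BM NBM side.
    ip_network equality compares address and prefix length, so /32 != /0."""
    pix_src, pix_dst = (ip_network(n) for n in pix_selector)
    nbm_side, third_party_side = (ip_network(n) for n in bm_selector)
    return pix_src == third_party_side and pix_dst == nbm_side


def overlaps(pix_selector, bm_selector):
    """The weaker relation the poster expects to be sufficient: each BM side
    is contained in the corresponding PIX side. Containment alone does not
    produce a matching proxy identity."""
    pix_src, pix_dst = (ip_network(n) for n in pix_selector)
    nbm_side, third_party_side = (ip_network(n) for n in bm_selector)
    return third_party_side.subnet_of(pix_src) and nbm_side.subnet_of(pix_dst)


def phase2_outcome(pix_acl, bm_rules):
    """For every PIX crypto-ACL entry report whether some BM rule mirrors it
    exactly (quick mode can complete) or only overlaps it (it cannot)."""
    report = {}
    for pix_entry in pix_acl:
        mirrored = any(is_mirror(pix_entry, bm) for bm in bm_rules)
        overlapping = any(overlaps(pix_entry, bm) for bm in bm_rules)
        report[pix_entry] = {"mirror": mirrored,
                             "overlap_only": overlapping and not mirrored}
    return report


def scenario_current():
    """The working setup from the post: network-to-network on both ends."""
    return phase2_outcome([(PIX_INSIDE, BM_NETWORK)],
                          [(BM_NETWORK, PIX_INSIDE)])


def scenario_planned():
    """The poster's plan: PIX allows inside -> any, BM lists single hosts."""
    return phase2_outcome([(PIX_INSIDE, "0.0.0.0/0")],
                          [(host, PIX_INSIDE) for host in BM_HOSTS])


def scenario_per_host():
    """Selectors mirror again only when both ends list the same hosts."""
    return phase2_outcome([(PIX_INSIDE, host) for host in BM_HOSTS],
                          [(host, PIX_INSIDE) for host in BM_HOSTS])


if __name__ == "__main__":
    for name, fn in [("current", scenario_current),
                     ("planned", scenario_planned),
                     ("per-host", scenario_per_host)]:
        print(name)
        for selector, result in fn().items():
            print("  PIX %s -> %s: %s" % (selector[0], selector[1], result))
```

Running it shows the network-to-network pair and the per-host pairs producing exact mirrors, while the "inside to any" entry only overlaps the BM host entries and never matches, which is the failure the post describes. In this model the mismatch is a property of the selector negotiation itself, so the BM-only control the poster wants would require the PIX ACL to carry the same per-host entries as the BM protected list.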