best way to port forward services ipsec tunnel

I have an IPsec tunnel built from our datacenter to a test ASA. This will be for an IPsec tunnel we eventually put in production to a company we recently acquired. MGT wants to limit the access of this tunnel to only certain services (i.e. ports) on certain IPs. For example, this new company will access the call mgr at our datacenter but will only have access to the necessary ports/services to register their MGCP gateways and their VoIP phones.

I think with the VPN it bypasses all access lists, and if I uncheck the box “bypass interface access lists for inbound sessions” I think I’m going to force myself to have to create access lists for the AnyConnect client as well, which could be a bit of a pain?
What’s the best way to do this? I was wondering about maybe NATting and changing the NAT rules to only NAT certain ports, but so far that hasn’t worked. I also looked at the crypto map and played around with the source and destination ports, thinking that I could make it so that I'm only protecting (encrypting) the ports I want open, but that hasn't worked either. Just curious what would be the best solution to accomplish this? Thanks for your input.

techlinden (Author) commented:
I went ahead and just built the access lists for AnyConnect. Wasn't too bad. Would have been nice if I didn't have to.

techlinden (Author) commented:
Created access lists for AnyConnect.
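
The approach the thread settles on (turn off the interface ACL bypass, then permit the tunnel's services and the AnyConnect clients explicitly), sketched as ASA CLI. This is an added example, not configuration posted by anyone in the thread; every address, the interface name `outside`, the ACL name `OUTSIDE_IN` and the choice of ports are assumptions to replace with your own.

```cisco
! Constructed addresses (assumptions):
!   10.50.0.0/24  acquired company's LAN behind the site-to-site tunnel
!   10.10.20.5    call manager at the datacenter
!   10.99.0.0/24  AnyConnect client address pool

! CLI equivalent of unchecking "bypass interface access lists for
! inbound sessions": decrypted VPN traffic is now checked against
! the ACL on the interface where the tunnel terminates.
no sysopt connection permit-vpn

! Site-to-site peer: only the registration services, only to the
! call manager. Ports are the usual defaults (assumed): MGCP 2427/udp
! and 2428/tcp, SCCP 2000/tcp, TFTP 69/udp for phone configuration.
access-list OUTSIDE_IN extended permit udp 10.50.0.0 255.255.255.0 host 10.10.20.5 eq 2427
access-list OUTSIDE_IN extended permit tcp 10.50.0.0 255.255.255.0 host 10.10.20.5 eq 2428
access-list OUTSIDE_IN extended permit tcp 10.50.0.0 255.255.255.0 host 10.10.20.5 eq 2000
access-list OUTSIDE_IN extended permit udp 10.50.0.0 255.255.255.0 host 10.10.20.5 eq tftp

! AnyConnect clients no longer bypass the ACL either, so they need
! their own entries. This line restores their previous open access;
! narrow it to specific destinations if the clients allow it.
access-list OUTSIDE_IN extended permit ip 10.99.0.0 255.255.255.0 any

! Everything else from either VPN source hits the implicit deny.
! If an inbound ACL is already applied to this interface, add the
! entries to that ACL instead of applying a second one.
access-group OUTSIDE_IN in interface outside

! After the remote gateways and phones register, check hit counts
! to confirm which entries are actually being matched.
show access-list OUTSIDE_IN
```

The ACL entries match the real (decrypted) source addresses of the remote site and the AnyConnect pool, not the peer's public IP.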