I have an ASA5520, and received a request to configure a site to site between between our ASA5520 and another vendor to ship SQL transaction logs from our SQL server that sits behind our ASA5520, to their SQL server that will be at the other end of the tunnel(vendor side). I am completely familiar with configuring a site to site VPN, this is no problem, but what I am unsure of is if I can restrict this VPN so traffic flows in one direction only via the port I specify. I know restricting by port is possible, but I'm not sure about only allowing traffic flow in one direction. So for example, over the VPN, I want the SQL server on my side that is behind my ASA5520 to be able to send SQL transaction logs over port 1234 over the tunnel to the vendor, but I don't want return traffic to be allowed over port 1234. I just want them to be able to receive traffic from us, I don't want us to receive traffic from them. I hope that make sense. Is this possible?