I have a remote client that is able to create a good VPN tunnel to our PIX-515 from his PC using the Cisco VPN client software. When the tunnel is established he is able to access our internal services. I would like to VNC to his desktop from my workstation on the protected network. His PC has the Windows firewall turned off, but I am still unable to connect to port 5900. Is there something in the access-list that needs to be opened to allow this to happen?