There are multiple examples on how to setup TACACS autentication/authorization on the PIXs, but they all seem to use local ACS (on the inside interface of the PIX). What if we have ACS on a remote site and have to send AAA requests across the VPN tunnel? Is this supported by Cisco? Should I still use: "aaa-server TACACS (inside)..." or is it considered to be on an outside interface? Any examples out there? Same question for the ASA appliance (8.0(3)).