We currently have a couple of IPSEC SPAs that we are using to terminate site to site vpn tunnels in vrf mode. We are looking at leveraging this hardware to also terminate remote access vpn using PKI to avoid the aggressive mode security issues. I was hoping there would be some people out there that could point me towards some good resources that will help with the configuration of such a model. I've found some cisco documents on their website but it seems like the documents I found are trying to cover little bits of everything and leave holes when it comes to this specific deployment. If anyone has first hand experience they would like to share I would appreciate it. If you know of some documentation or Cisco Press books that would be of value I am open to that too.