Yes, you can use certificates, but if you only have two routers you don't have scalability issues and RSA encrypted nonces are probably the most secure option. It also stops someone from recovering crypto keys by doing password recovery.
You can issue certificates from MS IIS with a couple of add-on packages. It's fairly hassle-free, but remember, certificates were designed to solve authentication in the many-many arrangement, not one-one or one-many.
Have a browse on the Cisco web site using VPN & certificates as the keywords.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...