If the shunning router or pix authenticates to a OTP server, then the sensor, which is the end user, will obviously not be able to authenticate to the OTP server. The normal aaa options (local, ACS internal DB, etc) ought to suffice though, as router management usually doesn't use OTP anyway - OTP is more prevalent for DUN and VPN users.
If password capture is a factor, then ssh can be used (at least with the pix) for shunning to mitigate that risk.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...