It is dependant on your TACACS server having the 2 factor support. The PIX sends athentication request to the aaa server for serial|telnet|ssh|http|enable that I know of. If you are authenticating vpn clients via TACACS I am not sure off the top of my head.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...