We are in the process of connection our networks to an outside vendor. We are installing a 3925 ISR at their location and a matching 3925 ISR at ours and configiring a DMVPN connection between them. Other than putting ACL's on the router at the vendor location limiting IP's and Ports allowed, can we configure something that would force the user to Authenticate before they could access the network at our location?