I want to setup a 501 pix so remote users cannot connect to it using the Cisco VPN client, however, I do not have a Radius or TACACS server. how do I set up the pix so that I can define local accounts the users can connect with, and is it possible for the pix to forward to an active directory for authentication if I didn't go with local auth? If it can't be done with the Cisco VPN client, can either type of authentication (local or AD) be done using PPTP on a windows machine so that they didn't need to load the VPN client?

Lastly, can site to site vpn tunnels be implemented on the same pix if its also serving remote access tunnels? I've heard the limit is 10 on the pix, but I don't know if thats a total for both remote access and site to site? anyone know this?