Helo @aacole
Using a different pre-shared key for the remote access IPSec VPN connection should be sufficient to distinguish it from the VTI connection that is also using a pre-shared key with a peer address of 0.0.0.0. As long as the remote access VPN client is configured to use the correct pre-shared key, the router should be able to differentiate between the two connections.
However, it's recommended to use a different peer address for the remote access VPN connection if possible, rather than relying solely on the pre-shared key to differentiate between the two connections. This can help to avoid potential conflicts or confusion in the future (as I concerned). If you can assign a specific IP address to the remote access VPN client and use that as the peer address, that would be ideal.
Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.