Due to PCIDSS requirements I need to have IKE aggressive mode disabled on all the devices that terminate VPN Tunnels. Unfortunately I have several PIX 501s out there that don't have the capability to disable IKE Aggressive mode. Would it work to create access lists that only allow port 500/udp and protocol 50 from my VPN Concentrator's IP and deny all other traffic, effectively making IKE aggressive mode a non issue?