We set up a client vpn using bordermanager 3.8

If we try to remote control a vpn user using password management it is not
working by default. The policies are set in a way a user needs to grant
permission if some one wants to take control. Is there a way to set the
policies for external users ? If they login to the lan then our
user/workstation policies take effect.

Because lots of users are behind NATed-ike connections remote control does
not work at all. an exception for the port must be made by most of all an
administrator on the other site to allow tcp traffic. This is not friendly
if we just want to connect to a vpn client of our office. Allmost always
someone must come between to arrange something. Can't it be done a faster
way ? There is allready a secure connection between site & client.

Will it in the future be possible to remote control vpn users by using the
directory (preferred in Imanager 2) ?