Thanks for your questions. We prefer you do not comment under the document. Instead "ask a question" or create a "discussion" and link the document (as you have done in this discussion).
Currently, we can authenticate mobile VPN connections with the local-user list; however, as you mentioned, this will give them administrator access to the ADTRAN unit. This is the only way we can authenticate mobile VPN users without an external extended authentication RADIUS server.
I will have this suggestion added to our "feature request" list so it can be implemented in a future release.
Cool, that works. I guess you could restrict www and https access except from a maintenance host/VLAN or something, or just kill the web GUI and harden admin with a strong enable password. Something's better than nothing.
We'd use the heck out of that new feature though--hope it can happen! Thanks for confirming the current options, Levi.