Topic: Bypass VLAN/Firewall setup when using IPSEC tunnel?  (Read 512 times)
« on: January 26, 2015, 09:33:06 »
whosername *
Posts: 9


First I just wanted to state how much I like m0n0wall.
Thanks to the author and thanks to the moderators of the forum.
You rock!

So to my question, this is a bit past my current skill level:

What is the appropriate way to regulate access to different internal VLANs for IPsec mobile clients in m0n0wall 1.8.1?

Would it be under the Firewall > Rules > IPsec VPN?

It seems when I connect to my m0n0wall router with a mobile IPsec client (aggressive mode, pre-shared keys), I am able to connect to any VLAN behind the router as I please, simply by creating several policies or setting the remote side policy to 0.0.0.0/0.

Does the IPSEC mobile client bypass any firewall/security mechanisms?
« Reply #1 on: January 30, 2015, 19:10:31 »
Lee Sharp *****
Posts: 517

You probably set up a default rule for IPsec clients like the one on LAN, and that is open everything.  You control access on the inbound interface, so if you want to restrict your IPsec clients, you do so on the IPsec interface.
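
A small model of the point made in Reply #1, added here as an example and not part of the thread or of m0n0wall's own code: it audits which VLAN hosts a mobile client can reach under an allow-all rule on the IPsec interface versus a restricted rule set. The VLAN subnets, client addresses and rules are constructed, and the first-match, default-deny evaluation is an assumption about how rules on that interface are processed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str  # "pass" or "block"
    src: str     # source CIDR (traffic arriving on the IPsec interface)
    dst: str     # destination CIDR (internal network)

def evaluate(rules, src, dst):
    """Return the action of the first matching rule; no match means block
    (assumed default deny on the interface)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst):
            return r.action
    return "block"

def reachable_hosts(rules, client_ip, vlans):
    """Map each VLAN name to the number of its hosts the client may reach."""
    return {
        name: sum(evaluate(rules, client_ip, str(h)) == "pass"
                  for h in ipaddress.ip_network(cidr).hosts())
        for name, cidr in vlans.items()
    }

# Constructed sample data, not taken from the thread.
VLANS = {
    "vlan10-office": "192.168.10.0/24",
    "vlan20-servers": "192.168.20.0/24",
    "vlan30-mgmt": "192.168.30.0/24",
}
POOL_CLIENT = "10.99.0.5"   # address inside the mobile-client pool
OTHER_CLIENT = "10.50.0.5"  # address outside the pool

# Allow-all rule on the IPsec interface: every VLAN is reachable.
OPEN_RULES = [Rule("pass", "0.0.0.0/0", "0.0.0.0/0")]

# Restricted rules: the pool may reach one server and the office VLAN only;
# everything else falls through to the default deny.
RESTRICTED_RULES = [
    Rule("pass", "10.99.0.0/24", "192.168.20.10/32"),
    Rule("pass", "10.99.0.0/24", "192.168.10.0/24"),
]

if __name__ == "__main__":
    for label, rules in (("open", OPEN_RULES), ("restricted", RESTRICTED_RULES)):
        print(label, reachable_hosts(rules, POOL_CLIENT, VLANS))
```
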