Remote Access VPNs and security

How are you protecting your remote access VPNs? I have a need to support several hundred remote offices over a VPN. I’ve thought about personal firewalls, but most only run as an application and therefore are unprotected when the user is not logged into the machine, but still has it powered on. Managing these firewalls and training for the end-user is also an issue.

I would like to put a small, inexpensive appliance at the remote end, that supports 3DES and make the remote office relatively idiot proof for my users.

Any suggestions?