Ok, got an update on this issue. I'm looking at a couple of options.

We use a company by the name of TelCove for our T1 line, and they just started a new VPN service. It looks impressive and sufficient for our needs -- everything going between our servers and remote users would pass through TelCove's VPN, managed by their staff 24/7. Between $400-500/month, we could make use of this service pretty easily. Here's a short description of their service.

On the other hand, we're also looking at upgrading our current W2k network to Windows 2003. I've been told that Windows 2003 terminal services has built in encryption. If this is the case, would that then be sufficient enough security wise? Should we just upgrade to 2003 and forego the VPN route?

Let me know what you think and what you know about these two possible solutions. I want to make sure we have the best security that is both effective and practical.