Hi,
Actually any of the options that you mentioned should work fine.
IOS CA Server will use the router as the CA authority
GET VPN, relatively new VPN technology
Microsoft CA server, will use a Windows Server for CA authority
Personally, I have experience with the Microsoft CA Server for Enterprise and IOS CA for smaller environments.
I have not experienced with GET VPN yet, though it seems a very cool technology
Either path you choose, involves quite a change and work, so if you're going to put this much effort on it, I'll go with
GET VPN.
It really depends on what you currently have and what you need.
If you have any questions let us know, perhaps we can help you further.
Federico.