Hi Lee,
That is a good question.
If you are referring to User Authentication for the VPN Client you can rely upon the Locally configured usernames on the Router. Most customer prefers to have the flexibilty of using Xauth (extended authentication) i.e. using a Radius or TACACS to authenticate the users to.
Here is a good sample configuration that will explain how to configure
xauth on a router:
http://www.cisco.com/warp/public/707/ios_usr_rad.html
please note that if u do want to use local authentication rather then an external server then you need to make sure that your authentication point locally.
For Example:
username cisco password 0 cisco
aaa authentication login userauthen local
crypto map clientmap client authentication list userauthen
R/Catherine