Hi there,
I have had experience in a number of good VPN projects in the UK, all using Cisco stuff, either;
1. PIX 515 UR's
2. Cisco 1720's
3. Cisco VPN 3015 Concentrator
The largest project I have installed was for a 150 user online stockbroker with central server farms in the UK and Sweden, and remote users dialling in from all around the world.
The key thing here is to make sure you get the ISP right. If you are doing an intercontinental VPN of ANY type you must choose a decent business to business ISP, the same for all your connections (both static and dialup). Make sure this ISP has got exceptional (i.e Terabit upwards) ATM connections between continents. This will ensure a decent connection speed, and no matter what equipment you choos, you need that.
In regards to equipment, the VPN 3015 is the most outstanding box I've seen to date, although I have not yet looked at the VPN 5000. I've also not compared it against something like the Checkpoint VPN -1. The PIX is very good also, particularly the 520, but configuration can be a real pain, if you do it via the command lien, whereas the 3015 has an EXCELLENT HTML interface. I wouldn't personally bother with Cisco IOS VPNs because they mean you have to fork out for a dedicated box which will be more than you need. However configuring routing protocols to work with the VPN is easier I suppose.
In terms of managment, this will depend really upon the choice of hardware. The Cisco ACS is pretty good for what you want 'though. Depending upon your LAN, you may want to look at decent 3rd part Tacacs or RADIUS server.
Hope that helps...
George Watts
Cisco Secure Consultant
Modena Systems Ltd, UK.