VPN is what I do.
I run a managed VPN service.
The Netscreens were nice enough when I was working with them, but not only were they not completely compatible with our infrastructure (we use Entrust for auth), but to make them compatible, we'd have to invest in Entrust's middleware package at about $10k per server (x2 to allow for DR needs). In addition, their VPN client software was an additional and expensive item to purchase (IIRC, over $100 per seat). We went with Nortel. No need for additional server software and client software was free. VPN config is a lot easier too. I have 1000 remote users and multiple sites without any issues.
The only problem I have with Netscreen now is that some of my clients use their products and I have to help them configure VPN tunnels to connect to our Nortel boxes. Easy on paper, but I can't remember enough of the Netscreen config process to tell them exactly what to do. I shouldn't have to do anything other than giving them IPSEC settings and a certificate (or preshared key), but I find myself handholding all too often.
Chris