There are some 2-factor solutions that don't require purchase or management of tokens. These allow you to leverage hardware already in the hands of your users--phones and pagers. I would recommend phone solutions these days for a few reasons, not the least of which is that more people have phones these days than pagers.
My company's Cisco VPN gives us no trouble, but there is increasing sensitivity to the normal authentication measures we impose--a simple username and password. I know we can manage these policies in to steadily increasing complexity but it would be great to enhance security through some (hopefully without deployment of tokens and certificates). Any ideas?

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic