We have the following ACL assigned to WAN port of our Cisco 831:

access-list 111 permit tcp any any established

access-list 111 permit tcp host [*remote private ip snipped*] any eq telnet

access-list 111 permit esp any any

access-list 111 permit ahp any any

access-list 111 permit udp any any eq isakmp

access-list 111 permit udp any any eq 10000

access-list 111 permit gre any any

access-list 111 permit udp any eq isakmp any

access-list 111 permit udp any eq non500-isakmp any

access-list 111 permit udp any eq domain any

access-list 111 permit udp any eq 21068 any

access-list 111 permit tcp any any eq smtp

access-list 111 permit tcp any any eq 3389

access-list 111 permit tcp any any eq 3390

access-list 111 permit tcp any any eq 143

access-list 111 permit tcp any any eq 443

access-list 111 permit tcp any any eq pop3

access-list 111 deny ip any any

Should that allow a host on the LAN to access a remote VPN connection (using Cisco VPN client)? Is anything else needed?

Router is running 12.3(8), already supporting inbound Cisco client connections and one remote LAN-to-LAN VPN.