Please read over the question and answer for:
Basically the answer is that I can't accomplish what I want with what I have. So now I'm asking the experts: what is the proper configuration to fulfill these requirements:
The default route for outgoing traffic will be ISP1, unless it goes down, then ISP2 should take over. That part is simple enough I believe.
The only incoming traffic is Cisco VPN Client (IPSEC), but it needs to be active on BOTH ISPs at the same time. A user should be able to connect to the static IP of ISP1, or the static IP of ISP2, and successfully make an IPSEC connection. This is where my current hardware/configuration doesn't work. Reviewing the question will tell you why.
More details are in the original question, but right now we have a Cisco 1811 (to deal with dual wan) and behind that is a Cisco 5510 (firewall, access rules, etc), which also is the VPN server.
I'm open to other ideas, including new hardware.