I haven't yet, but I have an aging PIX 515E at work that I plan to replace with an ASA 5510 soon, and I suspect I'll encounter a number of similar situations...
Thanks for posting this question. Even though I can't help you on this one from past experience, you've already helped me by making me think about this.
I'll look around and see if I can find anything helpful.
Also thanks to ShadowAce for pinging the tech list...
We are in a similar situation, except we used a Cisco Concentrator for our VPN connections. We also have a PIX 515 for our internet usage. We have two different internet pipes, one for internet use and the other for remote access. We had a new 20MB fiber line installed, and decided to use it for our remote access users(and internet for the IT department... hehe). I HIGHLY recommend the ASA. Even though we ran into this issue, it is a SUPER perimeter security device. We just ran into this snag, but I'm SURE we will over come it. If I don't get it resolved by Monday morning, I'm going to call Cisco and have one of their CCIE 'Jedi' network guys get involved. I could have called them today because we have an agreement with them, but like all men, I'll sustain great stress, pain, and suffering before calling for help or asking for directions. lol
I was able to get it working! I had to enable IPsec over NAT-T, open inbound UDP 4500, and enable and set an IPsec Prefragmentation Policy.
Thanks to you all for chiming in.