ASA no longer supports 3rd party IPSec termination
If you currently terminate any 3rd party IPSec tunnels on an ASA device, please be aware that this configuration is no longer supported by the ASA Business Unit or by Cisco TAC. The ASA Business Unit now only supports VPN tunnel termination on the ASA from other Cisco devices and has indicated that it will not spend resources related to 3rd party tunnels.
I happened to miss that announcement myself and the only place I happened to find this documented is here:
Configuring LAN-to-LAN IPSec VPNs
Where it specifically states the following:
"A LAN-to-LAN VPN connects networks in different geographic locations. ASAs support IPsec LAN-to-LAN VPNs with other Cisco peers. Because we adhere to VPN industry standards, ASAs may work with other vendors' peers in LAN-to-LAN VPNs; however, we do not support them."
hmmm....I'm just as puzzled as you!

Comment by Leslie on 17 December 2008:
IMO, this is going to put Cisco behind other vendors in the L2L space. In today’s virtual business place, connecting with partners, customers, etc via the Internet has become common practice and not everyone uses Cisco for the VPN needs.
-Leslie
Comment by Joe Harris on 17 December 2008:
Hi Leslie, I’m with you on this one in fact A LOT of SE’s are with you on this one…please don’t shoot the messenger
Comment by curious on 17 December 2008:
Hi Joe,
after reading Cisco ASA Interim Release Notes for Version 8.0.4(16) I found one very interesting bug:
CSCsv65986 Need to educate users about smart tunnel workings.
Please tell me what to say to my poor WebVPN users about smart tunnels.
Comment by Joe Harris on 17 December 2008:
Hah! Yeah that sounds quite rude doesn’t it? The author of this bug is not extremely fluent in the English dialect which is why it sounds so harsh, they meant no harm. As the description is currently marked ‘Cisco Confidential’ I am unable to comment on any specifics related to this bug at this time….I can say that after reading the details of the bug I cannot think of any reason as to why it would be marked ‘Cisco Confidential’ though…let me check and see what we can release, it may be a case of mistaken bug identity and they inadvertently marked this one ‘Cisco Confidential’.
Comment by pablo on 18 December 2008:
Joe, does it apply only for ASA devices? I mean will Cisco provide support for 3rd party L2L tunnels terminated on routers?
Comment by Joe Harris on 18 December 2008:
Pablo, yes this only applies to Cisco ASA firewall units as of today. We will still support L2L tunnels terminated on routers.
Comment by Roland on 19 December 2008:
If the other vendor’s firewall/router implements 100% standard isakmp/ipsec it should work fine. Maybe Cisco TAC had many support requests about other vendors’ firewalls and wanted to stop it.
I had no problems configuring L2L VPNs with ASA and other firewalls yet. Often the troubleshooting works better on the ASA’s debug than on other vendors’ firewalls but I can’t call Cisco TAC for this of course!
Roland
Comment by TheGrave on 20 December 2008:
Pretty ugly news indeed but as Roland said the ASA debug is very nice for troubleshooting. I recently had a huge fight to bring up a tunnel with one OpenBSD machine and the logs of the isakmpd were really really ugly. If it wasn’t for the ASA debugs we would never be able to bring up the tunnel. Now it’s working great!
Comment by Ryan on 21 December 2008:
Is there going to be a more formal notification on this drop of support from TAC/BU? Of course, consistent communication from either organization has been weak for quite some time.
Comment by GD on 22 December 2008:
I second (or third?) the ASA debug.
I recently had an “extended period” of finger pointing trying to bring up a L2L with Checkpoint FW-1 and came up against its strange feature of dynamically supernetting the encryption domain. Would probably still be arguing today if it wasn’t for the visibility of the phase one mechanics from the ASA.
Comment by Joe Harris on 5 January 2009:
Hi Ryan, I can check on the formal notification but I’m not aware of any further notification…I agree we should do a better job of communicating such an important support issue as this to our customer base in a more effective manner.
Comment by Joe Harris on 5 January 2009:
Hi curious, please look back @ your bug again (CSCsv65986) and let me know if you still have additional questions…
Comment by Cisco2009 on 6 January 2009:
Cisco continues to be very committed in supporting standards-based interoperability, such as ASA5500 series to 3rd-party peers (Site-to-Site/LAN-to-LAN) IPsec.
The clarification on ASA to 3rd-party Site-to-Site/LAN-to-LAN IPSec VPN has been made in the config guide (CSCsw85337):
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/site2sit.html
Comment by Joe Harris on 6 January 2009:
Thanks Cisco2009, in regards to the updated statement:
“The ASA supports LAN-to-LAN IPsec connections with Cisco peers, and with third-party peers that comply with all relevant standards”
a great place to stay up to date on those standards is located @ http://vpnc.org/ because one of their missions is to increase interoperability between members to help them better serve their potential customers. This is a great place to look prior to implementing a 3rd party VPN with an ASA.
Comment by Cisco Subnet on 7 January 2009:
Read more background to why Cisco updated the docs in Jamey Heary’s blog http://www.networkworld.com/community/node/36934