L2TP/IPSec from Windows 7 to ASA 5520
I have IPSEC working in "lan-to-lan" mode between Windows 7 and an ASA with 8.3(2)13 (FIPS certified).
I'm quite sure you are correct regarding the error - if it can't negotiate an SA you are hosed.
I would try getting rid of "NAT Traversal". Of course, you might be stuck with trying to go over NAT, in which case it may be required. But that sure looks like the cause of your problem.
I guess your other option is to figure out how to get windows 7 to do the nat-traversal SA type. You might try poking around with netsh advfirewall consec
on windows.
Here's a reference for it i had bookmarked. http://technet.microsoft.com/en-us/library/dd736198(v=ws.10).aspx.
One note - Windows documentation talks a LOT about how important it is to regularly re-key the connection. However, if you re-key too frequently, the ASA takes a dump and drops the connection. Make sure you don't re-key more often than every 2 minutes. Using MS's recommended # of bytes value for the rekey made it go below 2 minutes.
When we opened a support case, M$ couldn't really give any real reason for their recommendation. They sent us a big fat bill though.