Surely we all have some. We might as well all benefit from each other's experiences...
I'll start with some obvious but nonetheless important ones..
1. Have good backups (more important still after point 3).
2. Syslog the logs to a unix/linux box so you can grep them and find stuff with greater ease.
3. When you are just starting out with the Juniper platform (like we are) and your boss gets you a small 2500 to tinker with, and then the boss starts adding a few VIPs and special users to the box... STAND YOUR GROUND and push for a separate test box. Testing at a separate URL and with separate resources will still affect other users, who despite being told this is still a test platform, treat it like it's a production box (and that's why good backups can suddenly be a great thing).
I was 1/2 being sarcastic. 3 years on with Netconnect and we still have our legacy VPN. Netconnect has issues but is still a decent product.
Netconnect actually does use IPSEC (or ESP, basically the same thing) by default. The tunnel will fail over to SSL if needed but the transition is not always smooth and SSL for transport is actually slower.