Or – ASA Lan2Lan-VPN for dummies.
I often get questions related to Lan2Lan-tunnels in ASA. This post serves as a cheat-sheet for different software versions.

Pix v6.x
isakmp enable outside isakmp policy 1 authentication pre-share isakmp policy 1 encryption des isakmp policy 1 hash md5 isakmp policy 1 group 1 isakmp policy 1 lifetime 86400 isakmp key cisco123 address 5.6.7.8 netmask 255.255.255.255 access-list 100 permit ip 10.0.X.0 255.255.255.0 10.0.Y.0 255.255.255.0 crypto ipsec transform-set MYTSET esp-des esp-md5-hmac crypto map CMAP_OUTSIDE 10 ipsec-isakmp crypto map CMAP_OUTSIDE match address 100 crypto map CMAP_OUTSIDE set peer 5.6.7.8 crypto map CMAP_OUTSIDE interface outside access-list nonat_inside permit ip 10.0.X.0 255.255.255.0 10.0.Y.0 255.255.255.0 nat (inside) 0 access-list nonat_inside sysopt connection permit-ipsec
Pix/ASA v7.0 – 8.2
isakmp enable outside isakmp policy 1 authentication pre-share isakmp policy 1 encryption des isakmp policy 1 hash md5 isakmp policy 1 group 1 isakmp policy 1 lifetime 86400 tunnel-group 5.6.7.8 type ipsec-l2l tunnel-group 5.6.7.8 ipsec-attributes pre-shared-key cisco123 access-list VPN permit ip 10.0.X.0 255.255.255.0 10.0.Y.0 255.255.255.0 crypto ipsec transform-set MYTSET esp-des esp-md5-hmac crypto map CMAP_OUTSIDE 10 ipsec-isakmp crypto map CMAP_OUTSIDE 10 set transform-set MYTSET crypto map CMAP_OUTSIDE 10 match address VPN crypto map CMAP_OUTSIDE 10 set peer 5.6.7.8 crypto map CMAP_OUTSIDE interface outside access-list nonat_inside permit ip 10.0.X.0 255.255.255.0 10.0.Y.0 255.255.255.0 nat (inside) 0 access-list nonat_inside
ASA v8.3+
crypto ikev1 enable outside crypto ikev1 policy 1 authentication pre-share encryption des hash md5 group 1 lifetime 86400 tunnel-group 5.6.7.8 type ipsec-l2l tunnel-group 5.6.7.8 ipsec-attributes ikev1 pre-shared-key cisco123 access-list VPN permit ip 10.0.X.0 255.255.255.0 10.0.Y.0 255.255.255.0 crypto ipsec ikev1 transform-set MYTSET esp-des esp-md5-hmac crypto map CMAP_OUTSIDE 10 ipsec-isakmp crypto map CMAP_OUTSIDE 10 set ikev1 transform-set MYTSET crypto map CMAP_OUTSIDE 10 match address VPN crypto map CMAP_OUTSIDE 10 set peer 5.6.7.8 crypto map CMAP_OUTSIDE interface outside object network MY-LAN subnet 10.0.X.0 255.255.255.0 object network HIS-LAN subnet 10.0.Y.0 255.255.255.0 nat (inside,outside) source static MY-LAN MY-LAN destination static HIS-LAN HIS-LAN
6.X wrong:
crypto map CMAP_OUTSIDE 10 ipsec-isakmp
crypto map CMAP_OUTSIDE match address 100
crypto map CMAP_OUTSIDE set peer 5.6.7.8
crypto map CMAP_OUTSIDE interface outside
Correct:
crypto map CMAP_OUTSIDE 10 ipsec-isakmp
crypto map CMAP_OUTSIDE 10 match address 100
crypto map CMAP_OUTSIDE 10 set peer 5.6.7.8
crypto map CMAP_OUTSIDE 10 set transform-set MYTSET
crypto map CMAP_OUTSIDE interface outside