If you plan on making changes to your crypto map statments, always remove the crypto map from the interface it is applied, then make your changes, then reapply the map:no crypto map map_name outsidemodify what needs to be changed, then:crypto map map...
It's not free, but Opensystems makes a product called PrivateI, which runs as a service. It gives you much more than just a simple syslog (alerting, reporting, remote web access, filtering, enhanced queries, etc.)........ I would avoid this product ...
Putty is a good way to go (for ssh to outside interface), you could even use https w/ PDM if you have 6.x code from the outside. If the tunnel goes down, you are only losing the tunnel traffic, there is still a good possibility that connectivity to ...
If you do need to keep 2 separate access-lists, then use 2 different NAT ID's, like:nat(inside) 0............nat(inside) 1...............Just make sure you match up your global statement accordingly