L2L VPN configuration and ASA 5506 with PPPoE

harryraju
Level 1

Hi there

I have a requirement to configure a site-to-site VPN on an ASA 5506 which is configured as a PPPoE client on its outside interface. I'm looking for any documentation or advice on how the VPN section should be configured. Currently I have the following configuration, but I'm not sure if this would work, as on the ASDM there is an error (red X) saying "This interface has crypto map configuration. It cannot be a part of Traffic Zone". Please see the attached for the error.

Interface config

interface GigabitEthernet1/1
 nameif outside
 security-level 0
 pppoe client vpdn group ABCD
 ip address pppoe setroute
!

PPPoE Config

vpdn group ABCD request dialout pppoe
vpdn group ABCD localname user@spark.co.nz
vpdn group ABCD ppp authentication pap
vpdn username user password *****

VPN Config

crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication crack
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

group-policy GroupPolicy_x.x.x.x internal
group-policy GroupPolicy_x.x.x.x attributes
 vpn-tunnel-protocol ikev1
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x general-attributes
 default-group-policy GroupPolicy_x.x.x.x
tunnel-group x.x.x.x ipsec-attributes
 ikev1 pre-shared-key *****

The 5506 is for a remote site so I would like to make sure I have the configuration right. It would be great if someone could point me to the correct documentation or confirm that this config is correct and if I should be worried about the attached error. I know on the routers the crypto map has to be applied to the dialer interface. Is it something similar for ASAs?

Thanks in advance. 

1 Reply

Philip D'Ath
VIP Alumni

You should not be using traffic zones in this scenario, so ignore that error.
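
Added example, not part of the original thread and not Cisco tooling: a small offline check that can be run over a saved ASA configuration before it ships to a remote site, confirming that every tunnel-group carrying an IKEv1 pre-shared key has at least one IKEv1 policy offering `authentication pre-share`. The function name `audit_ikev1` and the sample text are constructed here, and the check assumes an IKEv1 policy with no `authentication` line defaults to pre-share.

```python
import re

# Constructed input: the IKEv1 lines as posted in the question, placeholders kept.
POSTED = """\
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
ikev1 pre-shared-key *****
"""

def audit_ikev1(config):
    """Return findings where no IKEv1 policy can serve a tunnel-group's pre-shared key."""
    policies = {}     # policy number -> authentication method
    psk_groups = []   # tunnel-groups that carry an ikev1 pre-shared-key
    ctx = None        # ("policy", n) or ("tunnel", name): the current sub-mode
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"crypto ikev1 policy (\d+)$", line):
            ctx = ("policy", m.group(1))
            # Assumption: an omitted authentication line means pre-share.
            policies[m.group(1)] = "pre-share"
        elif m := re.match(r"tunnel-group (\S+) ipsec-attributes$", line):
            ctx = ("tunnel", m.group(1))
        elif re.match(r"(crypto|tunnel-group|group-policy|interface|vpdn)\b", line):
            ctx = None  # any other top-level command leaves the sub-mode
        elif ctx and ctx[0] == "policy" and (m := re.match(r"authentication (\S+)$", line)):
            policies[ctx[1]] = m.group(1)
        elif ctx and ctx[0] == "tunnel" and line.startswith("ikev1 pre-shared-key "):
            psk_groups.append(ctx[1])
    findings = []
    if psk_groups and "pre-share" not in policies.values():
        offered = ", ".join(f"policy {n}: {a}" for n, a in sorted(policies.items())) or "none"
        for name in psk_groups:
            findings.append(f"tunnel-group {name} uses a pre-shared key, but no IKEv1 "
                            f"policy offers 'authentication pre-share' ({offered})")
    return findings

if __name__ == "__main__":
    for finding in audit_ikev1(POSTED):
        print(finding)
```

The parser keys on command keywords rather than indentation, so it also works on configuration pasted without leading spaces.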