it's feasible to setup both lan-lan vpn and ezvpn on a single pix.

192.168.1.0 <--> (192.168.1.1) pix (1.1.1.1) <--> internet/lan-lan vpn <--> (2.2.2.2) pix (192.168.2.1) <--> 192.168.2.0

192.168.1.0 <--> (192.168.1.1) pix (1.1.1.1) <--> internet/ezvpn <--> (dynamic) pix (192.168.100.1) <--> 192.168.100.0

access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.100.0 255.255.255.0

access-list 121 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

access-list 122 permit ip 192.168.1.0 255.255.255.0 192.168.100.0 255.255.255.0

ip address outside 1.1.1.1 255.255.255.248

ip address inside 192.168.1.1 255.255.255.0

global (outside) 1 interface

nat (inside) 0 access-list 101

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

sysopt connection permit-ipsec

crypto ipsec transform-set 3des_set esp-3des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set 3des_set

crypto map myvpn 10 ipsec-isakmp dynamic dynmap

crypto map myvpn 20 ipsec-isakmp

crypto map myvpn 20 match address 121

crypto map myvpn 20 set peer 2.2.2.2

crypto map myvpn 20 set transform-set 3des_set

crypto map myvpn interface outside

isakmp enable outside

isakmp key xxxx address 2.2.2.2 netmask 255.255.255.255 no-xauth no-config-mode

isakmp identity address

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpngroup vpn_hw_client dns-server 192.168.1.100

vpngroup vpn_hw_client default-domain yourcompany.com

vpngroup vpn_hw_client split-tunnel 122

vpngroup vpn_hw_client idle-time 1800

vpngroup vpn_hw_client password xxxx

also read this cisco doc:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008019e6d7.shtml