Excuse me, but I'm a novice with this and in over my head. 

I'm trying to add remote VPN capabilities to a small office ASA5505 which is working well for external access to the 'net and has a site-to-site tunnel to an office in another city.

Following the various guides, I've added (or tried adding) the necessary configuration, but when I attempt to add crypto statements for the remote vpn, the site-to-site VPN goes down.  The internal network is on 10.1.10.0/24 and remote users are to be on subnet 192.168.30.0/24

I'd appreciate anyone pointing out whatever silly mistake I've made.  Below is the configuration with private information and outside addresses "scrubbed".

Thanks in advance for any suggestions!

======================================================

ASA Version 8.2(5)

!

hostname asa-hhh

domain-name xyz.com

enable password 1ltRLCMh8jwpmLdb encrypted

passwd 1ltRLCMh8jwpmLdb encrypted

names

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

interface Vlan1

nameif inside

security-level 100

ip address 10.1.10.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address xxx.xxx.xxx.241 255.255.255.248

!

ftp mode passive

clock timezone CST -6

clock summer-time CDT recurring

dns server-group DefaultDNS

domain-name peissel.com

access-list outside_in extended permit icmp any any echo-reply

access-list outside_in extended deny ip any any log

access-list VPN-to-AUS extended permit ip 10.1.10.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list NONAT extended permit ip 10.1.10.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list splittunnel extended permit ip 10.1.10.0 255.255.255.0 192.168.30.0 255.255.255.0

pager lines 24

logging enable

logging asdm informational

mtu inside 1500

mtu outside 1500

ip local pool vpnpool 192.168.30.1-192.168.30.254

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-643.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list NONAT

nat (inside) 1 10.1.10.0 255.255.255.0

nat (inside) 1 0.0.0.0 0.0.0.0

route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.246 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

http server enable

http 10.1.10.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set espSHA3DESproto esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5

crypto map IPSEC 10 match address VPN-to-AUS

crypto map IPSEC 10 set peer yy.yy.yy.33

crypto map IPSEC 10 set transform-set espSHA3DESproto

crypto map IPSEC interface outside

crypto ca trustpoint localtrust

enrollment self

fqdn abc.xyz.com

keypair sslvpnkey

crl configure

crypto ca certificate chain localtrust

certificate 68b4ea4e

    b4fe602b 58b8deaf df648bf3 512a5be1 3fd1e2df 3ae2dc41 2602cd67 0500bb88 e1

  quit

crypto isakmp identity address

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp policy 20

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

telnet timeout 5

ssh 10.1.10.0 255.255.255.0 inside

ssh 0.0.0.0 0.0.0.0 outside

ssh timeout 5

console timeout 0

dhcpd address 10.1.10.10-10.1.10.40 inside

dhcpd dns 8.8.8.8 interface inside

dhcpd lease 86400 interface inside

dhcpd domain peissel.com interface inside

dhcpd enable inside

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

ntp server 192.5.41.41 source outside

ntp server 192.5.41.40 source outside

ssl trust-point localtrust outside

webvpn

enable outside

svc enable

group-policy remotevpn internal

group-policy remotevpn attributes

vpn-idle-timeout 30

split-tunnel-policy tunnelspecified

split-tunnel-network-list value splittunnel

username myname password 8NYVxDRPHUNYpspD encrypted privilege 15

username myname attributes

service-type admin

username remote-user password /yoq2HhsDPlgKIdN encrypted

tunnel-group yy.yy.yy.33 type ipsec-l2l

tunnel-group yy.yy.yy.33 ipsec-attributes

pre-shared-key *****

isakmp keepalive threshold 30 retry 5

tunnel-group remotevpn type remote-access

tunnel-group remotevpn general-attributes

address-pool vpnpool

default-group-policy remotevpn

tunnel-group remotevpn ipsec-attributes

pre-shared-key *****

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

  inspect ip-options

!

service-policy global_policy global

prompt hostname context

no call-home reporting anonymous

Cryptochecksum:465a4a58a8ad00e66259d93e645b3ed1

: end