Tuesday, May 10, 2011

Resolve a Conflict Between Security Protocols with This Simple Crypto Map Setting

When forwarding traffic to users on different security protocols, you may sometimes find that setting up one security protocol conflicts with another. For example, if your configuration for remote VPN users isn’t done properly, it may interfere with existing IPsec authentication.
If that happens, check your sequence numbers for crypto map entries.
A crypto map set allows you to forward traffic to users with different security protocols. To do this, you create crypto map entries for each protocol, using the same crypto map name. The sequence numbers (seq-num) differentiate the entries.
The key thing to remember is that entries with lower sequence numbers are processed first. Sometimes just changing the order of the sequence numbers may solve your networking problem. For example, if setting up VPN causes your other authentication system not to work, try giving the VPN a higher sequence number in the crypto map.
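The reordering described above, as an added ASA configuration example that is not part of the original post. The map name, ACL, transform set, dynamic-map name, peer address (documentation range) and sequence numbers are all assumed for illustration.

```cisco
! Added example (not from the original post). All names, addresses and
! sequence numbers below are assumed for illustration.
!
! Shared building blocks
crypto ipsec transform-set ESP-AES-SHA esp-aes-256 esp-sha-hmac
access-list L2L-ACL extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
crypto dynamic-map RA-DYN 10 set transform-set ESP-AES-SHA
!
! --- Problem ordering ---------------------------------------------------
! The remote-access VPN entry was added with a LOWER seq-num (5) than the
! existing site-to-site entry (10), so it is processed first.
!
!   crypto map OUTSIDE-MAP 5 ipsec-isakmp dynamic RA-DYN
!   crypto map OUTSIDE-MAP 10 match address L2L-ACL
!   crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
!   crypto map OUTSIDE-MAP 10 set transform-set ESP-AES-SHA
!
! --- Corrected ordering -------------------------------------------------
! Remove the low-numbered VPN entry ...
no crypto map OUTSIDE-MAP 5 ipsec-isakmp dynamic RA-DYN
!
! ... keep the existing IPsec entry at its low seq-num ...
crypto map OUTSIDE-MAP 10 match address L2L-ACL
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES-SHA
!
! ... and re-add the VPN entry under the same map name with a HIGHER
! seq-num so it is processed after the existing entry.
crypto map OUTSIDE-MAP 65000 ipsec-isakmp dynamic RA-DYN
!
! One crypto map set per interface; all entries share the map name.
crypto map OUTSIDE-MAP interface outside
!
! Check the resulting order of entries:
!   show running-config crypto map
```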
For more information on customizing crypto maps, see the crypto ca authenticate command page in the Cisco Security Appliance Command Reference at www1.cisco.com/en/US/docs/security/asa/asa80/command/reference/c5.html.

© TECH NEXT INDIA 2011.