I was wondering: I have a Cisco ASA firewall and it has several site-to-site VPNs using pre-shared keys. If I want to add another VPN to the firewall, do I have to add all the crypto ISAKMP stuff again, or can I just use the VPN config already in the firewall? I mean, besides the new crypto map, ACL and NAT 0 statement, what other statements do I need to enter in order to build this new site-to-site tunnel? I don't want to end up entering more commands than are needed.
Yes, you are absolutely correct. As you said, if there are 10 policies, it will try to find a match from the policy with the lowest number to the highest number until it finds a match.
No, you don't need to add new crypto isakmp policies if you already have matching policies configured. You can also re-use the crypto ipsec transform-set policy if it is the same on the other site of the LAN-to-LAN tunnel (as long as it matches on both ends).
You are right, the only statements you would need to add would be the ACL entry for NAT 0 and a new crypto map sequence (with crypto ACL, transform set and set peer entries).
Hope that helps.
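The split between reused and new statements discussed in this thread, as an added example that is not part of the original posts. It assumes pre-8.3 ASA syntax (matching the `nat 0` and `crypto isakmp` wording used here); the names OUTSIDE_MAP, NONAT, VPN-SITE-C and ESP-AES256-SHA, the sequence numbers and all addresses are constructed, and the pre-shared key is a placeholder. On the ASA the pre-shared key lives in a per-peer tunnel-group, so that is also entered for each new peer.

```cisco
! ---------------------------------------------------------------
! Already on the firewall from the existing tunnels: do NOT re-enter.
! Shown only so the new lines below have something to refer to.
! ---------------------------------------------------------------
! crypto isakmp enable outside
! crypto isakmp policy 10
!  authentication pre-share
!  encryption aes-256
!  hash sha
!  group 2
!  lifetime 86400
! crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
! crypto map OUTSIDE_MAP interface outside
! nat (inside) 0 access-list NONAT

! ---------------------------------------------------------------
! New statements for the additional peer (constructed values).
! Local LAN 10.1.0.0/24, remote LAN 10.50.0.0/24, peer 203.0.113.10
! ---------------------------------------------------------------

! 1. One more entry in the existing NAT 0 (NAT exemption) ACL
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.50.0.0 255.255.255.0

! 2. Crypto ACL defining the interesting traffic for this tunnel only
access-list VPN-SITE-C extended permit ip 10.1.0.0 255.255.255.0 10.50.0.0 255.255.255.0

! 3. New sequence number in the SAME crypto map that is already
!    applied to the outside interface; the transform set is reused
crypto map OUTSIDE_MAP 30 match address VPN-SITE-C
crypto map OUTSIDE_MAP 30 set peer 203.0.113.10
crypto map OUTSIDE_MAP 30 set transform-set ESP-AES256-SHA

! 4. Per-peer tunnel-group carrying this peer's pre-shared key
!    (use a unique key per peer rather than copying an existing one)
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key <PLACEHOLDER-UNIQUE-KEY>
```

After the remote end is configured, `show crypto isakmp sa` and `show crypto ipsec sa peer 203.0.113.10` confirm that phase 1 matched an existing policy and that the new crypto ACL is encrypting traffic.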