Sure it's possible.......
You don't need to apply the Crypto Map to the Tunnel interface.
Apply the Crypto Map to the "Inside" port (VLAN as usual) from VPN-SPA's perspective.
Connect the "Outside" port from VPN-SPA's perspective to the "Inside" port (VLAN).
Use the "Inside" port (VLAN) as the Tunnel Source.
interface vlan 1000
description - VPNSPA Inside VLAN
ip address 1.1.1.1 255.255.255.0
crypto map MAP_STATIC
crypto engine slot 1/0
interface vlan 1001
description - VPNSPA Outside VLAN
crypto connect vlan 1000
crypto engine slot 1/0
interface tunnel 1000
bandwidth 1000
ip address 9.9.9.1 255.255.255.0
tunnel source vlan 1000
tunnel destination 2.2.2.2
access-list 100 permit gre host 1.1.1.1 host 2.2.2.2
***This is of course assuming that the peer's Tunnel ip is 9.9.9.x/24 and it's global IP is 2.2.2.2***
Also http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/78_14459.htm#wp1273613 (this is for VPNSM but config is relatively the same. Note 'Switch #1, Tunnel intf #1' should read "tunnel source vlan 2")
Good Luck,
Don