L2L IPSEC tunnel lost after adding Easy VPN connection

Why is the L2L IPSEC permanent tunnel lost after adding a remote access (ipsec-ra) connection with a lower policy number, a different dynamic and static map, another internal IP address pool and the same outside interface on a Cisco ASA 5510 firewall (firmware 7.2(3))?

I’ve seen this before. You can’t have an IPSec RA dynamic map configured with a lower policy number than an L2L static map. If you do, odd things will occur, like the tunnel not coming up at all, or the tunnel only coming up in one direction. I.e., the tunnel will come up, but only if you originate interesting traffic from one direction; the tunnel will not come up if you originate traffic from the other direction. It has to do with the way a dynamic tunnel configuration allows connections from any Internet IP and not just a static IP. That’s why you want the firewall to process the static L2L tunnels before the dynamic RA tunnel by using the policy numbers.

Source:

http://www.linkedin.com/answers/technology/information-technology/computer-networking/TCH_ITS_CNW/253806-19570813
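
A configuration check for the ordering problem described in the answer, as an added example that is not part of the original question or answer. It assumes the "policy number" is the crypto map sequence number; the map, ACL and peer names and the sample configuration are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (not from the original post): ASA-style crypto map where the
# remote-access dynamic entry (seq 10) sits ahead of the static L2L entry (seq 20).
SAMPLE_CONFIG = """\
crypto dynamic-map RA_DYN 10 set transform-set ESP-3DES-SHA
crypto map OUTSIDE_MAP 10 ipsec-isakmp dynamic RA_DYN
crypto map OUTSIDE_MAP 20 match address L2L_ACL
crypto map OUTSIDE_MAP 20 set peer 203.0.113.10
crypto map OUTSIDE_MAP 20 set transform-set ESP-3DES-SHA
crypto map OUTSIDE_MAP interface outside
"""

# Matches only numbered crypto map entries: "crypto map <name> <seq> <rest>".
ENTRY = re.compile(r"^crypto map (\S+) (\d+) (.+)$")

def parse_crypto_maps(config):
    """Return {map_name: {seq: 'dynamic' | 'static'}} from crypto map lines."""
    maps = defaultdict(dict)
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skips 'crypto dynamic-map ...' and 'crypto map X interface ...'
        name, seq, rest = m.group(1), int(m.group(2)), m.group(3)
        if rest.startswith("ipsec-isakmp dynamic "):
            maps[name][seq] = "dynamic"
        else:
            maps[name].setdefault(seq, "static")
    return dict(maps)

def find_misordered(config):
    """List (map, dynamic_seq, static_seq) where a dynamic entry precedes a static one."""
    findings = []
    for name, entries in sorted(parse_crypto_maps(config).items()):
        dynamic = sorted(s for s, kind in entries.items() if kind == "dynamic")
        static = sorted(s for s, kind in entries.items() if kind == "static")
        for d in dynamic:
            findings.extend((name, d, s) for s in static if d < s)
    return findings

if __name__ == "__main__":
    for name, d, s in find_misordered(SAMPLE_CONFIG):
        print(f"{name}: dynamic seq {d} is evaluated before static L2L seq {s}")
```

Moving the dynamic entry to a sequence number above every static entry (for example 65535, the highest the ASA accepts) clears the finding.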