[c-nsp] ASA5520 questions on crypto map structure

Scott Granados gsgranados at comcast.net
Tue Aug 25 17:02:35 EDT 2009


Hi list,
First, thanks for all the great pointers and suggestions; I've made a lot of 
progress as a result and I appreciate it.

I'm wondering if I have the general idea correct for writing crypto maps. 
My understanding is that a dynamic map is used for client access and in 
terms of sequence should be the last in the list.  I have this working.  I 
want to add a LAN-to-LAN session now on the same device.  I've written the 
following and I'm looking for input as to whether this looks correct or is 
there a better way?

Here's the example config.

crypto ipsec transform-set vpn-transform1 esp-aes-256 esp-sha-hmac
crypto ipsec transform-set vpn-transform2 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set vpn-transform3 esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set vpn-transform1 vpn-transform2 vpn-transform3
crypto dynamic-map dynmap 10 set reverse-route
(original dynamic map portion)

crypto map vpn-ra-map 10 match address ny-vpn-acl
crypto map vpn-ra-map 10 set peer ny-fw-outside
crypto map vpn-ra-map 10 set transform-set vpn-transform2
crypto map vpn-ra-map 10 set reverse-route

(Note: I'm using the names facility to name the peer, and the ACL mentioned 
marks the traffic to encrypt that is destined to New York.)

crypto map vpn-ra-map 65535 ipsec-isakmp dynamic dynmap
crypto map vpn-ra-map interface outside
(adds the dynamic map and the whole shooting match to the outside interface)

Do I more or less have this right?  Using the examples that I received off 
list this seems close.  Also, would I simply increase the sequence number 
and add the next LAN-to-LAN mapping as sequence 20, between the existing peer 
and the dynmap?  A little hint as to whether I'm in the right area or totally 
off base would be helpful.

Thanks
Scott
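The structural rules the post is asking about (static LAN-to-LAN entries each need a match address, a peer and a transform set; the catch-all dynamic entry must carry the highest sequence number because entries are evaluated lowest sequence first; the map must be applied to an interface) can be checked mechanically before pasting a config into a production ASA. The Python lint below is an added example and is not from the original post or from Cisco. Its parser recognizes only the command forms that appear in the post (`match address`, `set peer`, `set transform-set`, `set reverse-route`, `ipsec-isakmp dynamic`, `interface`); the sample configs are constructed here, the second LAN-to-LAN entry with the names `la-vpn-acl` and `la-fw-outside` is hypothetical, and the misordered config is made up to show the check failing. It also lists transform sets that use `esp-md5-hmac`, `esp-3des` or `esp-des`, which are deprecated choices a reviewer would flag today, without claiming they break the tunnel.

```python
"""Lint the ordering and completeness of ASA-style crypto map entries.

Added example, not part of the original mailing-list post. Only the command
forms seen in the post are parsed; anything else on the line is ignored.
"""
import re
from collections import defaultdict

# Constructed sample: the posted config with the wrapped transform-set line
# rejoined, plus a hypothetical second LAN-to-LAN entry at sequence 20
# (la-vpn-acl / la-fw-outside are invented names).
GOOD_CONFIG = """
crypto ipsec transform-set vpn-transform1 esp-aes-256 esp-sha-hmac
crypto ipsec transform-set vpn-transform2 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set vpn-transform3 esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set vpn-transform1 vpn-transform2 vpn-transform3
crypto dynamic-map dynmap 10 set reverse-route
crypto map vpn-ra-map 10 match address ny-vpn-acl
crypto map vpn-ra-map 10 set peer ny-fw-outside
crypto map vpn-ra-map 10 set transform-set vpn-transform2
crypto map vpn-ra-map 10 set reverse-route
crypto map vpn-ra-map 20 match address la-vpn-acl
crypto map vpn-ra-map 20 set peer la-fw-outside
crypto map vpn-ra-map 20 set transform-set vpn-transform1
crypto map vpn-ra-map 65535 ipsec-isakmp dynamic dynmap
crypto map vpn-ra-map interface outside
"""

# Constructed counter-example: dynamic entry sequenced before a static one,
# and the static entry has no peer.
BAD_CONFIG = """
crypto ipsec transform-set vpn-transform1 esp-aes-256 esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set vpn-transform1
crypto map vpn-ra-map 10 ipsec-isakmp dynamic dynmap
crypto map vpn-ra-map 20 match address ny-vpn-acl
crypto map vpn-ra-map 20 set transform-set vpn-transform1
crypto map vpn-ra-map interface outside
"""

TRANSFORM_RE = re.compile(r"^crypto ipsec transform-set (\S+) (.+)$")
DYNMAP_RE = re.compile(r"^crypto dynamic-map (\S+) (\d+) (.+)$")
STATIC_RE = re.compile(
    r"^crypto map (\S+) (\d+) (match address|set peer|set transform-set|set reverse-route)\s*(.*)$"
)
DYNAMIC_RE = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp dynamic (\S+)$")
INTERFACE_RE = re.compile(r"^crypto map (\S+) interface (\S+)$")

# Deprecated algorithms worth a review comment, not a hard error.
WEAK_ALGS = {"esp-md5-hmac", "esp-3des", "esp-des"}


def parse_config(text):
    """Collect transform sets, dynamic maps, crypto map entries and bindings."""
    cfg = {
        "transform_sets": {},              # name -> list of algorithms
        "dynamic_maps": defaultdict(set),  # dynamic-map name -> transform sets
        "maps": defaultdict(dict),         # map name -> {seq: entry fields}
        "interfaces": {},                  # map name -> interface it is applied to
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := TRANSFORM_RE.match(line):
            cfg["transform_sets"][m.group(1)] = m.group(2).split()
        elif m := DYNMAP_RE.match(line):
            sets = cfg["dynamic_maps"][m.group(1)]  # records that the map exists
            if m.group(3).startswith("set transform-set"):
                sets.update(m.group(3).split()[2:])
        elif m := DYNAMIC_RE.match(line):
            cfg["maps"][m.group(1)].setdefault(int(m.group(2)), {})["dynamic"] = m.group(3)
        elif m := STATIC_RE.match(line):
            entry = cfg["maps"][m.group(1)].setdefault(int(m.group(2)), {})
            key, rest = m.group(3), m.group(4)
            if key == "set transform-set":
                entry.setdefault("transform_sets", []).extend(rest.split())
            elif key == "set reverse-route":
                entry["reverse_route"] = True
            else:
                entry[key] = rest
        elif m := INTERFACE_RE.match(line):
            cfg["interfaces"][m.group(1)] = m.group(2)
    return cfg


def check_crypto_map(cfg, map_name):
    """Return structural problems with one crypto map (empty list if clean)."""
    errors = []
    entries = cfg["maps"].get(map_name)
    if not entries:
        return [f"{map_name}: no entries found"]
    dynamic_seqs = sorted(s for s, e in entries.items() if "dynamic" in e)
    static_seqs = sorted(s for s, e in entries.items() if "dynamic" not in e)
    # Entries are evaluated lowest sequence first, so the catch-all dynamic
    # entry must sit after every static LAN-to-LAN entry.
    if dynamic_seqs and static_seqs and dynamic_seqs[0] < static_seqs[-1]:
        errors.append(f"{map_name}: dynamic entry {dynamic_seqs[0]} precedes static entry {static_seqs[-1]}")
    for seq in static_seqs:
        e = entries[seq]
        for field in ("match address", "set peer"):
            if field not in e:
                errors.append(f"{map_name} {seq}: missing '{field}'")
        if not e.get("transform_sets"):
            errors.append(f"{map_name} {seq}: missing 'set transform-set'")
        for ts in e.get("transform_sets", []):
            if ts not in cfg["transform_sets"]:
                errors.append(f"{map_name} {seq}: undefined transform-set {ts}")
    for seq in dynamic_seqs:
        if entries[seq]["dynamic"] not in cfg["dynamic_maps"]:
            errors.append(f"{map_name} {seq}: undefined dynamic-map {entries[seq]['dynamic']}")
    if map_name not in cfg["interfaces"]:
        errors.append(f"{map_name}: not applied to any interface")
    return errors


def weak_transform_sets(cfg):
    """Names of transform sets that use a deprecated algorithm."""
    return sorted(n for n, algs in cfg["transform_sets"].items() if WEAK_ALGS & set(algs))


if __name__ == "__main__":
    for label, text in (("posted config", GOOD_CONFIG), ("misordered config", BAD_CONFIG)):
        cfg = parse_config(text)
        print(label, "->", check_crypto_map(cfg, "vpn-ra-map") or ["ok"])
        print("  deprecated transform sets:", weak_transform_sets(cfg))
```

Run against the posted config the structural check comes back clean and only `vpn-transform2` (esp-md5-hmac) and `vpn-transform3` (esp-3des) are listed as deprecated; the counter-example reports the misordered dynamic entry and the missing peer. The parser matches the pre-8.4 `set transform-set` form used in the post; ASA releases from 8.4 onward write the same thing as `set ikev1 transform-set`, which this example does not recognize.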



