Cisco.com has very good article that decsribes in detail site-to-site VPN setup between ASA firewall and any other IOS router (Document ID: 112153).
On ASA as well as on Cisco router crypto map needs to be assigned to an interface, in most cases outside one. The issue with routers is that each interface can only have one crypto map assigned.
Imagine situation when you need to do both site-to-site and client access VPN with RADIUS authentication on the same router and on the same outside interface.
In this case you’ll need to use the same crypto map (i.e. cryptomap with the same name) for both VPNs with different IDs:
crypto map CRYPTOMAPNAME 11 ipsec-isakmp
set peer PEERIPADDRESS
set transform-set ASA-IPSEC
match address COLO_VPN_ACL
crypto map CRYPTOMAPNAME 99 ipsec-isakmp dynamic dynmap
For RADIUS authentication you’ll probably need something like
crypto map CRYPTOMAPNAME client authentication list userauthen
crypto map CRYPTOMAPNAME isakmp authorization list groupauthor
You’ll also need separate crypto policies for VPN users:
crypto isakmp client configuration group CRYPTOMAPNAME
and for peers:
crypto isakmp policy 2
and if you use pre-shared key for you site-to site VPN, no-xauth needs to be added at the end below which tells router to bypass authentication:
crypto isakmp key nd200412 address 22.214.171.124 no-xauth