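Your customer's configuration is a Cisco IOS crypto configuration from a Cisco router; it is not interchangeable with Cisco ASA software.
You need to take the relevant parts of that configuration (PSK, peer IP, crypto ACL) and put them into the Cisco ASA configuration, just like your existing tunnels.
It would look roughly like the following: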
! Substitute in the crypto map entry number as needed for <###>
! Substitute your peer's IP for <##.##.##.##>
object-group network VPN-LOCAL-<###>
 network-object <LOCAL Network>
 network-object <LOCAL Network>
object-group network VPN-REMOTE-<###>
 network-object <REMOTE Network>
 network-object <REMOTE Network>
access-list <###> permit ip object-group VPN-LOCAL-<###> object-group VPN-REMOTE-<###>
nat (any,OUTSIDE) source static VPN-LOCAL-<###> VPN-LOCAL-<###> destination static VPN-REMOTE-<###> VPN-REMOTE-<###>
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map <your crypto map name> <###> match address <###>
crypto map <your crypto map name> <###> set peer <##.##.##.##>
crypto map <your crypto map name> <###> set transform-set ESP-3DES-MD5
crypto map <your crypto map name> <###> set pfs group1
crypto map <your crypto map name> interface OUTSIDE
crypto isakmp identity address
crypto ikev1 enable OUTSIDE
! This policy may already be in place on your ASA, it's very common.
crypto ikev1 policy ###
 encryption 3des
 hash md5
 group 1
tunnel-group <##.##.##.##> type ipsec-l2l
tunnel-group <##.##.##.##> ipsec-attributes
 ikev1 pre-shared-key <your PSK from the customer config>
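
The step described above (pulling the PSK, peer IP and crypto ACL out of the IOS configuration and restating them in ASA form) can be scripted. This is an added example, not part of the original answer: the sample IOS excerpt, its addresses and PSK are constructed placeholders, and the function names are hypothetical. It assumes numbered `access-list` entries in `address wildcard` form, and that the excerpt is written from the same side of the tunnel as the ASA, so the ACL source is the local network.

```python
import ipaddress
import re

# Constructed IOS excerpt (not from the page); PSK and addresses are placeholders.
SAMPLE_IOS = """\
crypto isakmp key EXAMPLE-PSK address 203.0.113.10
crypto map CUSTMAP 10 ipsec-isakmp
 set peer 203.0.113.10
 match address 101
access-list 101 permit ip 192.168.10.0 0.0.0.255 10.20.0.0 0.0.255.255
access-list 101 permit ip 192.168.11.0 0.0.0.255 10.20.0.0 0.0.255.255
"""

def wildcard_to_net(addr, wildcard):
    """IOS ACLs carry wildcard masks; ASA network-object expects a netmask."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # wildcard bits must be one contiguous low-order run
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    net = ipaddress.IPv4Network(f"{addr}/{32 - wc.bit_length()}")  # rejects host bits
    return f"{net.network_address} {net.netmask}"

def extract(ios_cfg):
    """Pull the PSK, peer IP and crypto ACL networks out of an IOS config."""
    psk, key_peer = re.search(r"^crypto isakmp key (\S+) address (\S+)", ios_cfg, re.M).groups()
    peer = re.search(r"^\s+set peer (\S+)", ios_cfg, re.M).group(1)
    acl = re.search(r"^\s+match address (\S+)", ios_cfg, re.M).group(1)
    if key_peer != peer:
        raise ValueError("PSK is defined for a different peer than the crypto map")
    local, remote = [], []
    ace = rf"^access-list {re.escape(acl)} permit ip (\S+) (\S+) (\S+) (\S+)"
    for src, swc, dst, dwc in re.findall(ace, ios_cfg, re.M):
        for bucket, net in ((local, wildcard_to_net(src, swc)), (remote, wildcard_to_net(dst, dwc))):
            if net not in bucket:
                bucket.append(net)
    return {"psk": psk, "peer": peer, "local": local, "remote": remote}

def to_asa(parts, seq):
    """Render the pieces in the object-group / tunnel-group form shown above."""
    out = [f"object-group network VPN-LOCAL-{seq}"]
    out += [f" network-object {n}" for n in parts["local"]]
    out.append(f"object-group network VPN-REMOTE-{seq}")
    out += [f" network-object {n}" for n in parts["remote"]]
    out += [f"access-list {seq} permit ip object-group VPN-LOCAL-{seq} object-group VPN-REMOTE-{seq}",
            f"tunnel-group {parts['peer']} type ipsec-l2l",
            f"tunnel-group {parts['peer']} ipsec-attributes",
            f" ikev1 pre-shared-key {parts['psk']}"]
    return "\n".join(out)

if __name__ == "__main__":
    print(to_asa(extract(SAMPLE_IOS), 10))
```

If the IOS excerpt is instead the far end's own configuration, the crypto ACL has to be mirrored (its source networks become the ASA's remote group) and its `set peer` address is the ASA's own outside address rather than the peer.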