Here is how to do a route-based VPN using the web interface between two Netscreens (sorry, I don't know much about Cisco in this case):
Setup:
Firewall A -> Internet -> Firewall B
Log into Firewall A through the web interface
Configure tunnel interface
Click Network -> Interfaces
Make sure the dropdown in the top left says Tunnel IF, and click New
Put it in the Untrust zone so all VPN traffic will run through the Untrust->Trust policy
Click unnumbered then select the untrust interface
Click OK
Configure your VPN Gateway
Click VPNs -> AutoKey Advanced -> Gateway
Click New
Name the gateway "Firewall-B"
Select custom security level
Enter the public IP address of Firewall B
Enter your preshared key
Select untrust for outgoing interface
Click advanced
Select User defined (custom)
In the 1st dropdown select pre-g2-aes128-sha
Click return at the bottom
Click OK at the bottom
Create VPN
Select VPNs -> AutoKey Advanced
Click New
Name it FirewallB-vpn
Select Custom
Leave predefined checked and select your FirewallB-GW in the dropdown
Click Advanced
Select custom
In 1st dropdown, select g2-esp-aes128-sha
Turn on replay protection
Bind to tunnel interface, and select your tunnel interface created earlier
Turn on VPN monitor to bring up the VPN and keep it up with no traffic
Click Return
Click OK
Add routes to the remote network. (You can configure the tunnel interfaces to run OSPF, or you can add static addresses.)
To add a static route:
On the menu click Network -> Routing -> Destination
Click New
Type in the network address behind Firewall B
Select Gateway
Select your tunnel interface in the dropdown
Click OK
Add your policy to allow access to/from the remote networks.
If you are not in NAT mode on your trust interface, check position at top when creating a Trust->Untrust rule or it will NAT the traffic to your untrust IP or DIP pool and then send it across the tunnel.
Create an Untrust->Trust policy to allow access from the Network behind FirewallB to hosts or the network behind FirewallB.
Repeat these steps on Firewall B, using Firewall A's config.
Regards
Gavrilo
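
A way to verify the result of the steps above from a saved configuration, as an added example that is not part of the original post: the script checks that the VPN has replay protection on, uses the two proposals named in the post, is bound to a tunnel interface that has a zone and a route, and has VPN monitor enabled. The sample configuration is constructed in ScreenOS `get config` style; the interface name `ethernet0/0`, the addresses, the key placeholder and the function name `audit_vpn` are assumptions.

```python
import re

# Constructed sample in ScreenOS "get config" style; addresses, key and
# interface names are placeholders, not values from the post.
SAMPLE_CONFIG = '''\
set interface "tunnel.1" zone "Untrust"
set interface tunnel.1 ip unnumbered interface ethernet0/0
set ike gateway "Firewall-B" address 203.0.113.2 Main outgoing-interface "ethernet0/0" preshare "PLACEHOLDER" proposal "pre-g2-aes128-sha"
set vpn "FirewallB-vpn" gateway "Firewall-B" replay tunnel idletime 0 proposal "g2-esp-aes128-sha"
set vpn "FirewallB-vpn" monitor rekey
set vpn "FirewallB-vpn" id 0x1 bind interface tunnel.1
set route 10.2.0.0/24 interface tunnel.1
'''

def audit_vpn(config, vpn, ike_proposal="pre-g2-aes128-sha",
              ipsec_proposal="g2-esp-aes128-sha"):
    """Return a list of findings; an empty list means every setting is present."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    prefix = f'set vpn "{vpn}" '
    vpn_lines = [l for l in lines if l.startswith(prefix)]
    # Phase 2 definition: names the gateway, replay mode and IPsec proposal.
    p2 = next((l for l in vpn_lines if l.startswith(prefix + 'gateway "')), None)
    if p2 is None:
        return [f"no phase 2 definition for {vpn}"]
    gateway = re.match(re.escape(prefix) + r'gateway "([^"]+)"', p2).group(1)
    findings = []
    if " replay " not in p2:          # "no-replay" does not match " replay "
        findings.append("replay protection is off")
    if f'proposal "{ipsec_proposal}"' not in p2:
        findings.append("unexpected phase 2 proposal")
    # Phase 1 definition for the gateway that the VPN references.
    p1 = next((l for l in lines if l.startswith(f'set ike gateway "{gateway}" ')), None)
    if p1 is None or f'proposal "{ike_proposal}"' not in p1:
        findings.append("gateway missing or unexpected phase 1 proposal")
    # Route-based VPN: bound to a tunnel interface that has a zone and a route.
    bind = next((m for m in (re.search(r'bind interface (\S+)', l)
                             for l in vpn_lines) if m), None)
    if bind is None:
        findings.append("not bound to a tunnel interface")
    else:
        tun = re.escape(bind.group(1))
        if not any(re.match(rf'set interface "?{tun}"? zone ', l) for l in lines):
            findings.append("tunnel interface has no zone")
        if not any(re.match(rf'set route \S+ interface {tun}\b', l) for l in lines):
            findings.append("no route through the tunnel interface")
    if not any(l.startswith(prefix + "monitor") for l in vpn_lines):
        findings.append("VPN monitor is off")
    return findings

if __name__ == "__main__":
    print(audit_vpn(SAMPLE_CONFIG, "FirewallB-vpn") or "all checks passed")
```

Run the same check against Firewall B's configuration with its own VPN name, since the post's steps are repeated there.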