We have an 877 that has is creating a site to site VPN. At the moment, Vlan1 (192.168.101.0/24) has full access to the remote server. What we need now is another subnet access to this remote site. I'm thinking of adding the second vlan on the Cisco, assigning vlan 2 to a port, and getting the subnet added to the crytpomap. I want this second subnet (well a server - 192.168.200.2) only to access the remote site (specific port 3277) , not vlan1. Here is the current config. What else do I need to add?