
Version 4.1 - 5.10.a IPsec

This section is basically about LAN-to-LAN (L2L) IPsec tunnels. Fortunately I have experience with this in a production environment.

Here's an example config:

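! IKE phase 1 policy: AES encryption, pre-shared key authentication, DH group 2
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
! Interesting traffic: what gets encrypted through the tunnel
ip access-list extended crypto-ACL
 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
! Wildcard pre-shared key: matches any peer address
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
! IPsec (phase 2) transform set: ESP with AES and SHA-1 HMAC
crypto ipsec transform-set myset esp-aes esp-sha-hmac
! Dynamic map for peers whose address is not known in advance
crypto dynamic-map dyn 10
 set transform-set myset
! Static entry; the peer hostname is resolved through DNS ("dynamic")
crypto map mymap 10 ipsec-isakmp
 match address crypto-ACL
 set peer example-b.cisco.com dynamic
 set transform-set myset
crypto map mymap 65535 ipsec-isakmp dynamic dyn
! Apply the crypto map to the interface
interface fastethernet0/0
 ip address dhcp
 crypto map mymap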

[Check the link for the other side config]

If you understand all the parts of that config, you should be good with this. Understanding what each part does should help you identify misconfigurations. I would think that questions on this would center around multiple config examples and having to choose the correct one.
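One way to catch a common class of L2L misconfiguration, a crypto map, ACL, transform set or dynamic map that is referenced but never defined, is to cross-check the names mechanically. This is an added example, not part of the original post; the function name `lint_crypto_refs` and the sample config are constructed for illustration.

```python
import re

# Constructed sample (not from a real device): ACL 140 and map secure_b are undefined.
SAMPLE = """\
ip access-list extended crypto-ACL
 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
crypto ipsec transform-set myset esp-aes esp-sha-hmac
crypto dynamic-map dyn 10
 set transform-set myset
crypto map mymap 10 ipsec-isakmp
 match address 140
 set transform-set myset
crypto map mymap 65535 ipsec-isakmp dynamic dyn
interface FastEthernet0/0
 crypto map secure_b
"""

# Lines that define a named object: (pattern, kind)
DEFS = [
    (r"ip access-list (?:standard|extended) (\S+)", "acl"),
    (r"access-list (\d+) ", "acl"),
    (r"crypto ipsec transform-set (\S+)", "transform-set"),
    (r"crypto dynamic-map (\S+) \d+", "dynamic-map"),
    (r"crypto map (\S+) \d+ ", "crypto-map"),
]
# Lines that reference an object defined elsewhere: (pattern, kind)
REFS = [
    (r"match address (\S+)", "acl"),
    (r"set transform-set (.+)", "transform-set"),
    (r"crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)", "dynamic-map"),
    (r"crypto map (\S+)$", "crypto-map"),  # interface-level application
]

def lint_crypto_refs(config):
    """Return sorted (kind, name) pairs that are referenced but never defined."""
    defined, used = set(), set()
    for line in (l.strip() for l in config.splitlines()):
        for pattern, kind in DEFS:
            m = re.match(pattern, line)
            if m:
                defined.add((kind, m.group(1)))
        for pattern, kind in REFS:
            m = re.match(pattern, line)
            if m:
                used.update((kind, name) for name in m.group(1).split())
    return sorted(used - defined)

if __name__ == "__main__":
    print(lint_crypto_refs(SAMPLE))
```

The check ignores indentation, so it also works on configs pasted without the leading spaces that `show running-config` produces.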
