DES Ciphers - Switch to 3DES

Unanswered Question
Feb 6th, 2009


We are running cisco 515 version 6.3 & I believe on the other end they are running an ASA. We would like to change out DES Cipher to 3DES. Now we have multiple tunnels terminating at our Pix 515, but we will only be changing the Cipher for one of the tunnels. None of our tunnels are running 3 DES :-(.

We have:

crypto ipsec transform-set ipsec-p2 esp-3des esp-sha-hmac

and I would add:

crypto ipsec transform-set vpn-strong2 esp-3des esp-md5-hmac

and this is the tunnel config and I would change vpn-strong to


crypto map ******** 97 ipsec-isakmp

crypto map ******** 97 match address * * * * *

crypto map ******** 97 set peer nyc-peer-01

crypto map ******** 97 set transform-set vpn-strong2

Am I correct? Me changing the transform-set should not affect our other tunnels?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Ivan Martinon Fri, 02/06/2009 - 10:51

You are correct, this should not affect other tunnels, this of course once it is applied, however to apply this change it is safe to go ahead and shutdown your tunnel while making this change.


This Discussion