cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
325
Views
0
Helpful
1
Replies

DES Ciphers - Switch to 3DES

emrivera01
Level 1
Level 1

Hello,

We are running cisco 515 version 6.3 & I believe on the other end they are running an ASA. We would like to change out DES Cipher to 3DES. Now we have multiple tunnels terminating at our Pix 515, but we will only be changing the Cipher for one of the tunnels. None of our tunnels are running 3 DES :-(.

We have:

crypto ipsec transform-set ipsec-p2 esp-3des esp-sha-hmac

and I would add:

crypto ipsec transform-set vpn-strong2 esp-3des esp-md5-hmac

and this is the tunnel config and I would change vpn-strong to

vpn-strong2

crypto map ******** 97 ipsec-isakmp

crypto map ******** 97 match address * * * * *

crypto map ******** 97 set peer nyc-peer-01

crypto map ******** 97 set transform-set vpn-strong2

Am I correct? Me changing the transform-set should not affect our other tunnels?

1 Reply 1

Ivan Martinon
Level 7
Level 7

You are correct, this should not affect other tunnels, this of course once it is applied, however to apply this change it is safe to go ahead and shutdown your tunnel while making this change.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: