I'm trying to configure a site-to-site VPN tunnel. I have a PIX 501, running 6.2(2). I clear Phase I, but not Phase II. My question is about transform sets. The vendor I'm working with is looking for one of the following 'sets': ESP-3DES-SHA esp-sha-hmac esp-3DES. I'm assuming that each of these are SETS and I need to have an EXACT match (e.g. ESP-3DES-SHA). When I try to configure the crypto ipsec transform-set, I only have these sets to work with:
[ ah-md5-hmac|ah-sha-hmac ] [ esp-des|esp-3des|esp-null ] [ esp-md5-hmac|esp-sha-hmac ]
My question is stated above: do I need an EXACT match with one of the transform 'sets'?