Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

des and 3des on same pix

I was wondering how I could create two vpn's from one pix to two others, one using des and the second using 3des. I have created multiple vpn's both using des so I know about the access-list for nat, the two isakmp keys and such. the thing I am not sure about is how to configure the isakmp policies...


New Member

Re: des and 3des on same pix

You need to add a few thing to get both working.

1) you will need a two policy statements

onefor des and 3des

isakmp policy 10 encryption des

isakmp policy 20 encryption 3des

2) You will need two ipsec transform-sets on for des and one for 3des

crypto ipsec transform-set 1 esp-des esp-md5-hmac

crypto ipsec transform-set 2 esp-3des esp-md5-hmac

3) Then on your crypto-map idenify which transform-set to use 1 or 2 -

crypto map vpn 10 set transform-set 1 (des site)

crypto map vpn 20 set transform-set 2 (3des site)

That should be all you need