An Internet Security Association and Key Management Protocol (ISAKMP) policy exists for a tunnel. A new policy is entered, but the PIX/ASA still shows only one ISAKMP policy when the show run command is issued.
The PIX/ASA does not allow more than one policy with a given set of rules. Thus, it does not permit this.
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
The PIX/ASA only keeps one of the previous policies. ISAKMP policies are processed from lowest policy number to highest policy number until a match is found.