Yes, you can just add another transform set for your new encryption method. They just go down the list when trying to negotiate encryption:
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-AES esp-3des esp-aes-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-AES
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-MD5
crypto map VPNclient 65535 ipsec-isakmp dynamic outside_dyn_map
For site-to-sites, just add another policy, it works the same way....keeps negotiating until it finds a policy that matches.