Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
3DES and AES on the same PIX
- Thread starter rmgt
- Start date
Yes, you can just add another transform set for your new encryption method. They just go down the list when trying to negotiate encryption:
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-AES esp-3des esp-aes-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-AES
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-MD5
crypto map VPNclient 65535 ipsec-isakmp dynamic outside_dyn_map
For site-to-sites, just add another policy, it works the same way....keeps negotiating until it finds a policy that matches.
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-AES esp-3des esp-aes-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-AES
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-MD5
crypto map VPNclient 65535 ipsec-isakmp dynamic outside_dyn_map
For site-to-sites, just add another policy, it works the same way....keeps negotiating until it finds a policy that matches.
- Thread starter
- #3
- Status