Site to site VPN using two phase encryption

Status
Not open for further replies.

jrcanfer

MIS
Aug 11, 2002
34
GB
Right, I've been running Pixes for years but never had to set up a Site to Site VPN.

I can work most of it out, but I'm somewhat confused about what I'd need to put into the config to achieve the following:

Phase 1:
Encryption: DES
Hash: SHA1
Lifetime: 86400 seconds
Group: DH1

Phase 2:
Encryption: 3DES
Hash: SHA1
Lifetime: 86400 seconds
Group: DH1
Lifesize: 8192KB

Can both of these phases be defined in one ipsec transform set or am I way off the mark?

Thanks in advance.

JC

 
access-list no_nat permit ip [INTERNALIP] [VPNPOOL]
access-list l2lvpn permit ip [INTERNALIP] [VPNPOOL]
: Exempt the VPN traffic from NAT (assumes the inside interface is named "inside")
nat (inside) 0 access-list no_nat

: Phase 2 (IPsec): transform set and crypto map
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
crypto map [MAPNAME] 20 ipsec-isakmp
crypto map [MAPNAME] 20 match address l2lvpn
crypto map [MAPNAME] 20 set peer [REMOTEIP]
crypto map [MAPNAME] 20 set transform-set 3DES
crypto map [MAPNAME] 20 set pfs group1
crypto map [MAPNAME] 20 set security-association lifetime seconds 86400 kilobytes 8192
crypto map [MAPNAME] interface outside
: Phase 1 (IKE): isakmp policy
isakmp enable outside
isakmp key [KEY] address [REMOTEIP] netmask 255.255.255.255
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption des
isakmp policy 9 hash sha
isakmp policy 9 group 1
isakmp policy 9 lifetime 86400




Brent
Systems Engineer / Consultant
CCNP, CCSP
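
The reply above puts Phase 1 in the isakmp policy and Phase 2 in the transform set plus crypto map; that split can be checked mechanically against the parameters listed in the question. This is an added example, not part of the original thread: VPNMAP, 192.0.2.1, parse_phases and mismatches are constructed names, and the defaults table assumes PIX 6.x behaviour for values an isakmp policy leaves unset.

```python
# Constructed sample, modelled on the reply with placeholder values filled in.
SAMPLE_CONFIG = """\
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
crypto map VPNMAP 20 ipsec-isakmp
crypto map VPNMAP 20 set peer 192.0.2.1
crypto map VPNMAP 20 set transform-set 3DES
crypto map VPNMAP 20 set pfs group1
crypto map VPNMAP 20 set security-association lifetime seconds 86400 kilobytes 8192
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption des
isakmp policy 9 group 1
isakmp policy 9 lifetime 86400
"""

# Parameters agreed with the remote peer, as listed in the question.
REQUIRED = {
    "phase1": {"encryption": "des", "hash": "sha", "group": "1", "lifetime": "86400"},
    "phase2": {"encryption": "esp-3des", "hash": "esp-sha-hmac", "pfs": "group1",
               "seconds": "86400", "kilobytes": "8192"},
}

# Assumption: PIX 6.x defaults for values an isakmp policy leaves unset.
ISAKMP_DEFAULTS = {"encryption": "des", "hash": "sha", "group": "1", "lifetime": "86400"}

def parse_phases(config, policy="9", seq="20"):
    """Split a PIX config into its Phase 1 (IKE) and Phase 2 (IPsec) settings."""
    phase1, phase2, transforms, chosen = dict(ISAKMP_DEFAULTS), {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:3] == ["isakmp", "policy", policy] and len(words) == 5:
            phase1[words[3]] = words[4]
        elif words[:3] == ["crypto", "ipsec", "transform-set"]:
            transforms[words[3]] = words[4:]
        elif words[:2] == ["crypto", "map"] and words[3:5] == [seq, "set"]:
            if words[5] == "transform-set":
                chosen = words[6]
            elif words[5] == "pfs":
                phase2["pfs"] = words[6]
            elif words[5] == "security-association":
                phase2.update(zip(words[7::2], words[8::2]))
    for t in transforms.get(chosen, []):
        phase2["hash" if t.endswith("-hmac") else "encryption"] = t
    return {"phase1": phase1, "phase2": phase2}

def mismatches(config, required=REQUIRED):
    """Return (phase, key, wanted, found) for every setting that differs."""
    found = parse_phases(config)
    return [(p, k, v, found[p].get(k)) for p, want in required.items()
            for k, v in want.items() if found[p].get(k) != v]
```

An empty list from mismatches(SAMPLE_CONFIG) means both phases match what the peer expects; any tuple it returns names the phase and setting to correct before bringing the tunnel up.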