https://community.cisco.com/t5/network-security/des-and-3des-on-same-pix/m-p/3247#M689151 <P>I was wondering how I could create two vpn's from one pix to two others, one using des and the second using 3des. I have created multiple vpn's both using des so I know about the access-list for nat, the two isakmp keys and such. the thing I am not sure about is how to configure the isakmp policies...</P><P></P><P>Thanks</P> Fri, 21 Feb 2020 05:46:59 GMT careyg 2020-02-21T05:46:59Z https://community.cisco.com/t5/network-security/des-and-3des-on-same-pix/m-p/3247#M689151 <P>I was wondering how I could create two vpn's from one pix to two others, one using des and the second using 3des. I have created multiple vpn's both using des so I know about the access-list for nat, the two isakmp keys and such. the thing I am not sure about is how to configure the isakmp policies...</P><P></P><P>Thanks</P> Fri, 21 Feb 2020 05:46:59 GMT https://community.cisco.com/t5/network-security/des-and-3des-on-same-pix/m-p/3247#M689151 careyg 2020-02-21T05:46:59Z https://community.cisco.com/t5/network-security/des-and-3des-on-same-pix/m-p/3248#M689172 <HTML><HEAD></HEAD><BODY><P>You need to add a few thing to get both working.</P><P>1) you will need a two policy statements</P><P> onefor des and 3des </P><P>isakmp policy 10 encryption des</P><P>isakmp policy 20 encryption 3des</P><P>2) You will need two ipsec transform-sets on for des and one for 3des</P><P>crypto ipsec transform-set 1 esp-des esp-md5-hmac</P><P>crypto ipsec transform-set 2 esp-3des esp-md5-hmac </P><P></P><P>3) Then on your crypto-map idenify which transform-set to use 1 or 2 - </P><P>crypto map vpn 10 set transform-set 1 (des site)</P><P>crypto map vpn 20 set transform-set 2 (3des site)</P><P></P><P>That should be all you need</P><P></P><P></P><P></P></BODY></HTML> Mon, 19 Feb 2001 20:44:59 GMT https://community.cisco.com/t5/network-security/des-and-3des-on-same-pix/m-p/3248#M689172 thegreenwood 2001-02-19T20:44:59Z