PIX 6.3(3) Cisco VPN Clients with AES?

jason.aarons (Level 1)

Should I be able to use a PIX running 6.3(3) with the Cisco VPN Client 4.0.1c or 4.6(01) with a transform set using AES?

crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
isakmp client configuration address-pool local vpn outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

2 Replies

Patrick Iseli (Level 7)

I think so, but you have to change the isakmp parameters also!

!--- Permit packets that came from an IPSec tunnel to pass through without
!--- checking them against the configured conduits/access lists.
sysopt connection permit-ipsec

!--- Define the transform set to be used during IPSec
!--- security association (SA) negotiation. Specify AES as the encryption algorithm.
crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac

!--- Create a dynamic crypto map entry
!--- and add it to a static crypto map.
crypto dynamic-map map2 10 set transform-set trmset1
crypto map map1 10 ipsec-isakmp dynamic map2

!--- Bind the crypto map to the outside interface.
crypto map map1 interface outside

!--- Enable Internet Security Association and Key Management
!--- Protocol (ISAKMP) negotiation on the interface on which the IPSec
!--- peer communicates with the PIX firewall.
isakmp enable outside
isakmp identity address

!--- Define an ISAKMP policy to be used while
!--- negotiating the ISAKMP SA. Specify
!--- AES as the encryption algorithm. The configurable AES
!--- options are aes, aes-192 and aes-256.
!--- Note: AES 192 is not supported by the VPN Client.
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

!--- Create a VPN group and configure the policy attributes which are
!--- downloaded to the Easy VPN Clients.
vpngroup groupmarketing address-pool vpnpool1
vpngroup groupmarketing dns-server 10.10.11.5
vpngroup groupmarketing wins-server 10.10.11.5
vpngroup groupmarketing default-domain org1.com
vpngroup groupmarketing split-tunnel 102
vpngroup groupmarketing idle-time 1800
vpngroup groupmarketing password ********

See: How to Configure the Cisco VPN Client to PIX with AES

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a00801e71c0.shtml

Sincerely,

Patrick
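The reply above makes the point that the encryption algorithm is chosen in two separate places: the ISAKMP policy (phase 1) and the IPsec transform set (phase 2), and its config comment notes that the aes-192 phase-1 option is not supported by the VPN Client. The following is an added example, not code from the thread or from Cisco: a small audit script that reads a PIX 6.3-style configuration, reports the phase-1 and phase-2 algorithms side by side, flags an aes-192 ISAKMP policy, and flags transform sets that no crypto map references. The sample configuration is constructed from the command lines posted in this thread (the original poster's 3DES phase-1 policy next to the AES transform sets); the regular expressions assume the command syntax shown in the thread and nothing more.

```python
"""
Audit the two encryption-algorithm settings in a PIX 6.3-style VPN
configuration: the ISAKMP (phase 1) policy and the IPsec transform set
(phase 2).  Added example for this thread; the parsing assumes only the
command syntax shown in the posts above.
"""
import re
from typing import Dict, List, Set

# Constructed sample: the original poster's 3DES phase-1 policy combined with
# the AES transform sets from both posts.  ESP-AES-128-MD5 is deliberately
# left out of any crypto map so the audit has something to flag.
SAMPLE_CONFIG = """\
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac
crypto dynamic-map map2 10 set transform-set trmset1
crypto map map1 10 ipsec-isakmp dynamic map2
crypto map map1 interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
"""

TRANSFORM_RE = re.compile(r"^crypto ipsec transform-set (\S+) (.+)$")
DYNMAP_RE = re.compile(r"^crypto dynamic-map \S+ \d+ set transform-set (.+)$")
STATICMAP_RE = re.compile(r"^crypto map \S+ \d+ (?:ipsec-isakmp )?set transform-set (.+)$")
POLICY_RE = re.compile(r"^isakmp policy (\d+) (\S+) (\S+)$")


def parse_config(text: str) -> Dict[str, object]:
    """Collect transform sets, the names referenced by crypto maps, and ISAKMP policies."""
    transform_sets: Dict[str, List[str]] = {}
    referenced: Set[str] = set()
    policies: Dict[int, Dict[str, str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):      # skip blanks and !--- comments
            continue
        m = TRANSFORM_RE.match(line)
        if m:
            transform_sets[m.group(1)] = m.group(2).split()
            continue
        m = DYNMAP_RE.match(line) or STATICMAP_RE.match(line)
        if m:
            referenced.update(m.group(1).split())  # a map may list several sets
            continue
        m = POLICY_RE.match(line)
        if m:
            policies.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3)
    return {"transform_sets": transform_sets, "referenced": referenced, "policies": policies}


def audit(text: str) -> List[str]:
    """Return human-readable findings about phase-1 and phase-2 encryption choices."""
    cfg = parse_config(text)
    findings: List[str] = []
    for num, attrs in sorted(cfg["policies"].items()):
        enc = attrs.get("encryption", "(not set)")
        findings.append(f"phase1 policy {num}: encryption {enc}")
        if enc == "aes-192":
            # Per the config comment in the reply above.
            findings.append(f"phase1 policy {num}: aes-192 is not supported by the VPN Client")
    for name, transforms in cfg["transform_sets"].items():
        # The cipher transform is the esp-* entry that is not an HMAC transform.
        ciphers = [t for t in transforms if t.startswith("esp-") and not t.endswith("-hmac")]
        findings.append(f"phase2 transform-set {name}: {' '.join(ciphers)}")
        if name not in cfg["referenced"]:
            findings.append(f"phase2 transform-set {name}: not referenced by any crypto map")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG):
        print(line)
```

Run against the sample, the output shows phase 1 negotiating 3DES while phase 2 offers AES, and reports that ESP-AES-128-MD5 is defined but never attached to a crypto map, so it is never offered to a client. Feed it the output of a `show running-config` saved to a file to check a live box the same way.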

milan.kulik (Level 10)