06-04-2008 01:36 AM
I have a question that's puzzling me. I have the below setup on my PIX 515 running Version 6.3(5) - both of the below VPN tunnels are up.
My question is...
When I do show isakmp sa detail, I observe for my VPN tunnel that is using transform-set Y456 using encryption 3des and Hash MD5, shouldn't I see:
encryption = AES and Hash = SHA as per transform-set Y456?
Has anyone seen this before or am I running into a bug?
crypto ipsec transform-set X123 esp-3des esp-md5-hmac
crypto ipsec transform-set Y456 esp-aes-192 esp-sha-hmac
crypto map MYMAP 1 ipsec-isakmp
crypto map MYMAP 1 match address 103
crypto map MYMAP 1 set peer 123.456.789.100
crypto map MYMAP 1 set transform-set X123
crypto map MYMAP 2 ipsec-isakmp
crypto map MYMAP 2 match address 104
crypto map MYMAP 2 set peer 111.222.333.444
crypto map MYMAP 2 set transform-set Y456
crypto map MYMAP interface outside
isakmp enable outside
isakmp key <KEY1234> address 123.456.789.100 netmask 255.255.255.255
isakmp key <KEY5678> address 111.222.333.444 netmask 255.255.255.255
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp policy 2 authentication pre-share
isakmp policy 2 encryption aes-192
isakmp policy 2 hash sha
isakmp policy 2 group 5
isakmp policy 2 lifetime 1440
EURO_FW01# sho isakmp sa det
Local Remote Encr Hash Auth State Lifetime
222.333.444.555:500 111.222.333.444:500 3des md5 psk QM_IDLE 86082
222.333.444.555:500 123.456.789.100:500 3des md5 psk QM_IDLE 9316
Thanks,
06-04-2008 01:57 AM
Not really - even in the latest version of code for the ASA 7.x/8.x, when you do either
show isakmp sa detail or show ipsec sa detail, you will just see the specific transform-set encryption/hash being used, not the name you have given the set - that is really of no use.
06-04-2008 06:03 AM
You are confusing ISAKMP policy with IPSec policy.
The output of "show isakmp sa detail" is showing you the "ISAKMP" protection suite used for the bi-directional SA created during Phase 1.
Look at the "isakmp policy 1" parameters and you will see a match with the command output.
The transform-set you are referring to is the protection suite used for the two unidirectional IPSec SAs created during Phase II.
If you want to see the IPSec SA detail, you would likely use a command such as:
"show ipsec sa detail"
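The Phase 1 / Phase 2 distinction made in this answer, as an added Python example that is not from the thread or from Cisco: it parses the poster's config and "show isakmp sa detail" output (re-typed below as constructed sample strings using the thread's placeholder addresses) and reports, per peer, which isakmp policy the Phase 1 SA matches and which transform-set governs the Phase 2 IPsec SAs, so the two suites can be compared side by side.

```python
import re

# Constructed sample: the relevant lines of the poster's PIX config.
CONFIG = """
crypto ipsec transform-set X123 esp-3des esp-md5-hmac
crypto ipsec transform-set Y456 esp-aes-192 esp-sha-hmac
crypto map MYMAP 1 set peer 123.456.789.100
crypto map MYMAP 1 set transform-set X123
crypto map MYMAP 2 set peer 111.222.333.444
crypto map MYMAP 2 set transform-set Y456
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 2 encryption aes-192
isakmp policy 2 hash sha
"""
# Constructed sample: the poster's "show isakmp sa detail" rows (Phase 1 SAs only).
SA_OUTPUT = """
222.333.444.555:500 111.222.333.444:500 3des md5 psk QM_IDLE 86082
222.333.444.555:500 123.456.789.100:500 3des md5 psk QM_IDLE 9316
"""

def parse_config(text):
    """Return (isakmp policies by priority, transform-sets by name, peer -> transform-set)."""
    policies, tsets, entry_peer, entry_tset = {}, {}, {}, {}
    for line in text.splitlines():
        if m := re.match(r"isakmp policy (\d+) (encryption|hash|group) (\S+)", line):
            policies.setdefault(int(m[1]), {})[m[2]] = m[3]
        elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
            tsets[m[1]] = m[2].split()
        elif m := re.match(r"crypto map \S+ (\d+) set peer (\S+)", line):
            entry_peer[m[1]] = m[2]
        elif m := re.match(r"crypto map \S+ (\d+) set transform-set (\S+)", line):
            entry_tset[m[1]] = m[2]
    peers = {entry_peer[e]: entry_tset[e] for e in entry_peer if e in entry_tset}
    return policies, tsets, peers

def explain_phase1(sa_output, policies, tsets, peers):
    """Per ISAKMP SA row: the lowest-priority isakmp policy whose encryption/hash match the
    row (Phase 1), and the transform-set the crypto map applies to that peer (Phase 2)."""
    report = {}
    for line in sa_output.splitlines():
        m = re.match(r"\S+:\d+ (\S+):\d+ (\S+) (\S+) \S+ \S+ \d+", line)
        if not m:
            continue  # skip the header and blank lines
        peer, encr, hsh = m[1], m[2], m[3]
        matched = [p for p, a in sorted(policies.items())
                   if a.get("encryption") == encr and a.get("hash") == hsh]
        tset = peers.get(peer)
        report[peer] = {"phase1_policy": matched[0] if matched else None,
                        "phase1_suite": (encr, hsh), "phase2_transform_set": tset,
                        "phase2_suite": tuple(tsets.get(tset, []))}
    return report

if __name__ == "__main__":
    pols, ts, prs = parse_config(CONFIG)
    for peer, info in explain_phase1(SA_OUTPUT, pols, ts, prs).items():
        print(peer, info)
```

For the 111.222.333.444 peer this reports Phase 1 as isakmp policy 1 (3des/md5) and Phase 2 as transform-set Y456 (esp-aes-192/esp-sha-hmac), which is exactly what the answer describes.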