
Will a new MD5 tunnel affect existing SHA VPN tunnels?

yeopaul
Level 1

Hi,

I suppose I am posting a stupid question; I hope you can help me.

I have a remote site trying to connect back to our PIX VPN box using md5 to set up the VPN tunnel, as they cannot configure their VPN box (GNAT) with the "sha" algorithm, which I am using for other remote sites.

I am trying to add the following set of commands to my PIX box; however, it doesn't seem to work. What could I have done wrong?

crypto ipsec transform-set Australand esp-3des esp-md5-hmac

crypto dynamic-map pixtognat 23 set transform-set Australand

crypto map capitaland 24 ipsec-isakmp dynamic pixtognat

isakmp policy 24 authentication pre-share

isakmp policy 24 encryption 3des

isakmp policy 24 hash md5

isakmp policy 24 group 2

isakmp policy 24 lifetime 86400

My existing VPN config is appended below:

sysopt connection permit-ipsec

no sysopt route dnat

crypto ipsec transform-set test esp-3des esp-sha-hmac

crypto ipsec transform-set UK esp-des

crypto ipsec security-association lifetime seconds 86400

crypto dynamic-map pixosw 10 set transform-set test

crypto map spooky 20 ipsec-isakmp dynamic pixosw

crypto map spooky 60 ipsec-manual

crypto map spooky 60 match address 160

crypto map spooky 60 set peer 62.49.221.118

crypto map spooky 60 set transform-set UK

crypto map spooky 60 set security-association lifetime seconds 28800 kilobytes 4608000

crypto map spooky 60 set session-key inbound esp 300 cipher C43AF3903808B3D0

crypto map spooky 60 set session-key outbound esp 300 cipher C43AF3903808B3D0

crypto map spooky interface outside

isakmp enable outside

isakmp key ******** address 0.0.0.0 netmask 0.0.0.0

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption 3des

isakmp policy 20 hash sha

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

Thank you very much.

1 Reply

yeopaul
Level 1

To correct:

this line:

crypto map capitaland 24 ipsec-isakmp dynamic pixtognat

should be changed to this line:

crypto map spooky 24 ipsec-isakmp dynamic pixtognat
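
The correction above matters because a PIX crypto map entry is only used once its map is applied to an interface, and in this config only "spooky" is (crypto map spooky interface outside). The following Python check is an added example, not part of the original posts: the function name lint_crypto_maps is hypothetical, and the sample config is constructed from lines posted in this thread (abbreviated). It flags crypto map entries in a map that is not applied to any interface, plus references to undefined dynamic-maps or transform-sets.

```python
from collections import defaultdict

# Constructed sample: the proposed lines from the question merged with the
# relevant lines of the existing config (abbreviated).
SAMPLE_CONFIG = """\
crypto ipsec transform-set test esp-3des esp-sha-hmac
crypto ipsec transform-set Australand esp-3des esp-md5-hmac
crypto dynamic-map pixosw 10 set transform-set test
crypto dynamic-map pixtognat 23 set transform-set Australand
crypto map spooky 20 ipsec-isakmp dynamic pixosw
crypto map capitaland 24 ipsec-isakmp dynamic pixtognat
crypto map spooky interface outside
"""

def lint_crypto_maps(config):
    """Return findings for crypto map entries the firewall can never use."""
    transform_sets = set()
    dyn_maps = defaultdict(set)   # dynamic-map name -> transform-sets it references
    bound = set()                 # crypto maps applied to an interface
    entries = []                  # (map name, seq, dynamic-map name or None)
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["crypto", "ipsec", "transform-set"] and len(t) > 3:
            transform_sets.add(t[3])
        elif t[:2] == ["crypto", "dynamic-map"] and t[4:6] == ["set", "transform-set"]:
            dyn_maps[t[2]].update(t[6:])
        elif t[:2] == ["crypto", "map"] and len(t) >= 5:
            if t[3] == "interface":
                bound.add(t[2])
            elif t[4] in ("ipsec-isakmp", "ipsec-manual"):
                dyn = t[6] if t[5:6] == ["dynamic"] and len(t) > 6 else None
                entries.append((t[2], t[3], dyn))
    findings = []
    for name, seq, dyn in entries:
        if name not in bound:
            findings.append(f"crypto map {name} {seq}: '{name}' is not applied to any interface")
        if dyn is not None and dyn not in dyn_maps:
            findings.append(f"crypto map {name} {seq}: dynamic-map '{dyn}' is not defined")
    for dyn, sets in dyn_maps.items():
        for ts in sorted(sets - transform_sets):
            findings.append(f"dynamic-map {dyn}: transform-set '{ts}' is not defined")
    return findings

if __name__ == "__main__":
    for finding in lint_crypto_maps(SAMPLE_CONFIG):
        print(finding)
```

With the map name changed from capitaland to spooky, as in the reply, the function returns no findings for this sample.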