adrianjfx


PIX SITE TO SITE FROM (ISA)

Current implementation: rtr->pix->isa, where the site-to-site VPN is established through the ISA and the protocols are forwarded to the PIX. I want to remove the ISA due to it being a single point of failure, and take advantage of the failover I have implemented on the PIX 515E 6.3.3.

I started to try a config based on the ISA config:

Remote Site X.Y.Z.46
ESP - Triple DES with SHA1 Integrity
IKE Encryption and Diffie-Hellman Group Triple DES with Group 2 (1024-bit prime)
Perfect Forward Secrecy (Disabled)
Compression (Disabled)
Rekey Timeout (08:00:00)  "in hours"
Rekey Data Count (None)
ISAKMP Retransmission Interval (1440)  "in minutes"
ISAKMP Retransmission Max Attempts (4)
Pre-Shared Key ( to be negotiated )

Network routing on our side (hosts):
10.48.239.56
10.48.239.75
10.48.239.199



My Site

Our Endpoint X.X.X.173
ESP - Triple DES with SHA1 Integrity
IKE Encryption and Diffie-Hellman Group Triple DES with Group 2 (1024-bit prime)
Perfect Forward Secrecy (Disabled)
Rekey Timeout 28800 seconds = 8 hours
Rekey Data Count (None)
Pre-Shared Key (to be negotiated)

This is what I started to create. Some guidance, please.

isakmp enable outside
isakmp policy 9 authentication pre-share
isakmp policy 9 encrypt 3des
crypto isakmp key 12345678 address X.Y.Z.46
crypto ipsec transform-set strong esp-3des esp-sha-hmac
access-list 90 permit ip host X.Y.Z.46

networks on my side
10.168.4.0 /24
10.168.0.0 /22

hosts on remote site
10.48.239.56
10.48.239.75
10.48.239.199

ASKER CERTIFIED SOLUTION
charan_jeetsingh

adrianjfx

ASKER

Thanks charan,
will try it out