diff --git a/utils/src/com/cloud/utils/net/NetUtils.java b/utils/src/com/cloud/utils/net/NetUtils.java
index 97f6cd29258..ac301726da5 100755
--- a/utils/src/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/com/cloud/utils/net/NetUtils.java
@@ -1108,7 +1108,7 @@ public class NetUtils {
             }
             String cipher = list[0];
             String hash = list[1];
-            if (!cipher.matches("des|3des|aes|aes128|aes256")) {
+            if (!cipher.matches("3des|aes|aes128|aes256")) {
                 return false;
             }
             if (!hash.matches("md5|sha1")) {
diff --git a/utils/test/com/cloud/utils/net/NetUtilsTest.java b/utils/test/com/cloud/utils/net/NetUtilsTest.java
index f25215a4d42..06fc1769675 100644
--- a/utils/test/com/cloud/utils/net/NetUtilsTest.java
+++ b/utils/test/com/cloud/utils/net/NetUtilsTest.java
@@ -51,10 +51,12 @@ public class NetUtilsTest extends TestCase {
     
     public void testVpnPolicy() {
         assertTrue(NetUtils.isValidS2SVpnPolicy("aes-sha1"));
+        assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1"));
+        assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1"));
         assertFalse(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024"));
         assertFalse(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024,aes-sha1;modp1536"));
         assertFalse(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1;modp1536"));
-        assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1"));
+        assertFalse(NetUtils.isValidS2SVpnPolicy("des-sha1"));
         assertFalse(NetUtils.isValidS2SVpnPolicy("abc-123,ase-sha1"));
         assertFalse(NetUtils.isValidS2SVpnPolicy("de-sh,aes-sha1"));
         assertFalse(NetUtils.isValidS2SVpnPolicy(""));