Subject: Re: racoon and isakmpd comp.
To: Alex Barclay <alex@tfo-consulting.com>
From: Angelos D. Keromytis <angelos@cis.upenn.edu>
List: tech-net
Date: 01/22/2001 17:08:36
In message <Pine.NEB.4.10.10101221442340.23005-100000@wibble.tfo-consulting.com>, Alex Barclay writes:
>
>Racoon seems to do a far more sensible job of setting up the policy
>database. Isakmpd seems to enter some weird entries.

That used to be the case until around September -- it shouldn't be the case
anymore. The reason for those weird entries was boxes like the Cisco Altigas
that insisted on using the same SA for just about every packet two firewalls
could want to exchange (which breaks policy).
-Angelos