Subject: Re: rsh over ipsec
To: Jan Schaumann <jschauma@netmeister.org>
From: Greg Troxel <gdt@ir.bbn.com>
List: tech-net
Date: 12/05/2003 08:36:26
Are you finding that rsh packets get encrypted and then not accepted
on the far side, or that the rsh packets go out in the clear when you
think they should not?  Please try tcpdump, and also 'netstat -p ipsec
-s' on both systems to see what, if any, counters are being incremented.

I have seen times when the SPD is apparently not used correctly (on
1.6.1) but I have not managed to track it down.  Basically, it seems
like packets fail to match an SPD entry they should have matched, but
I can't say where it goes wrong.  The problem is intermittent, so a
situation where it used to work and now does not does not necessarily
imply that a bug has surfaced; it could be that conditions are at the
moment right for a latent bug to be exposed.

Have you tried specifying tcp and udp instead of any?

Why do you have 'use' on outgoing packets for the syslog server
instead of 'require'?

Try putting the rsh entries before the syslog entries.  This perhaps
shouldn't matter, but I have found that the apparent SPD bug is
sometimes ordering sensitive.  (The SPD is of course an ordered list
per RFC2401, but ordering of entries that do not overlap should not
matter.)

-- 
        Greg Troxel <gdt@ir.bbn.com>
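As an added illustration of the three suggestions in the message above (explicit tcp/udp rather than any, 'require' rather than 'use', rsh entries ahead of the syslog entries), here is a setkey(8) policy set plus the two checks Greg asks for.  This is example code written for this page, not configuration from either poster.  The addresses, the interface name ex0, the host roles (CLIENT runs rsh and sends syslog, SERVER receives both) and the use of ESP in transport mode are all assumptions; the script is written for the client side, and the peer needs the same entries with the in/out flags mirrored.

```shell
#!/bin/sh
# Added example, not from the original thread.  Assumed values: CLIENT is
# the rsh client and syslog sender, SERVER the rsh/syslog server, IFACE the
# interface the traffic leaves on.
CLIENT=${CLIENT:-10.0.0.1}
SERVER=${SERVER:-10.0.0.2}
IFACE=${IFACE:-ex0}

# Emit the SPD entries in setkey(8) syntax.  The rsh (tcp) entries come
# first, the upper-layer protocol is spelled out as tcp/udp instead of
# any, and the level is "require" in both directions so a packet that has
# no matching SA is dropped instead of going out in the clear.
ipsec_policy() {
    cat <<EOF
# rsh: all tcp between the two hosts, no port restriction, so the
# server-initiated stderr back-channel of rsh is covered as well
spdadd $CLIENT $SERVER tcp -P out ipsec esp/transport//require;
spdadd $SERVER $CLIENT tcp -P in  ipsec esp/transport//require;
# syslog: udp to the server
spdadd $CLIENT $SERVER udp -P out ipsec esp/transport//require;
spdadd $SERVER $CLIENT udp -P in  ipsec esp/transport//require;
EOF
}

# Number of entries whose level is "use"; anything other than 0 means
# cleartext is still permitted for that flow.
count_use_level() {
    ipsec_policy | grep -c '/use;$' || true
}

# Succeeds if every rsh (tcp) entry precedes every syslog (udp) entry.
rsh_before_syslog() {
    last_tcp=$(ipsec_policy | grep -n '^spdadd.* tcp ' | tail -1 | cut -d: -f1)
    first_udp=$(ipsec_policy | grep -n '^spdadd.* udp ' | head -1 | cut -d: -f1)
    [ "$last_tcp" -lt "$first_udp" ]
}

# Replace the kernel SPD with the policy above (run as root on a
# NetBSD/KAME host), then dump it back to confirm what the kernel holds.
load_policy() {
    { echo 'spdflush;'; ipsec_policy; } | setkey -c
    setkey -DP
}

# The two checks from the message: does an rsh leave as ESP (IP proto 50)
# or as cleartext port 514, and which ipsec counters move while it runs.
watch_rsh() {
    netstat -p ipsec -s > /tmp/ipsec.before
    tcpdump -n -i "$IFACE" "host $SERVER and (proto 50 or port 514)" &
    tcpdump_pid=$!
    rsh "$SERVER" true
    kill "$tcpdump_pid"
    netstat -p ipsec -s > /tmp/ipsec.after
    diff /tmp/ipsec.before /tmp/ipsec.after
}
```

Running load_policy on both hosts (with the direction flags swapped on the server) and then watch_rsh on the client shows directly which of the two failure modes in the first paragraph is in play: ESP packets that the far side drops, or port 514 packets that left in the clear.  The tcp entries carry no port because rsh opens a second, server-initiated TCP connection back to the client for stderr; a policy matching only client-to-server port 514 would leave that connection outside the SPD.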