Thanks for the information about RADIUS; it sounds like that rules it out as a possible way to implement ipsec auditing.... - Bill