"Michael R. Eisler" writes: > My understanding is that it would be difficult to impossible for > IPSEC to switch security associations at that fine a granularity. IPSEC is capable of managing a large number of security associations, but I suspect no one has anticipated doing so within a single TCP session. Perry