I'm not sure yet whether what Tim has proposed is the full answer. But we certainly saw problems under high rekeying load. Problems in the sense of traffic being lost -- not what you could call protocol malfunction. The improvements Tim suggested make logical sense and certainly seem to help make things better. paul