Since IPsec uses UDP500 for key exchange, how does it know to ignore configurations that seek to protect udp/500 with IPsec? If this were allowed, presumably the IPsec stack would go into an unterminating recursion. Please help. Pervaiz.