Steve.Robinson@psti.com wrote: > > A few comments: > > 2a: eliminate ESP authentication > 3a: require AH on all packets. No choice, no null mode. An IPsec connection > authenticates all packets, period. Null mode is useful, if only for debugging and performance measurement. Jor