exp3

Windows seems to accept plain text communication for policies that should only do crypto. Windows bug or ipsec.exe policy agent bug. Need to be traced down.
People removing WaveSEC software while policies are loaded. Yes they are loaded again after reboot, without the need for the supporting tools!!
Windows can only tunnel “everything” to the default gateway. If fails to send packets for “everything” to another host. Though that is a fairly bad setup anyway, requiring NAT. (think “limited hotel IPs”)

Windows seems to accept plain text communication for policies that should only do crypto. Windows bug or ipsec.exe policy agent bug. Need to be traced down.