I don't know how many times I've told the dolts who think hardware is king that XAUTH IPSec kludges are bad: Cisco under fire for VPN vulnerability - vnunet.com: http://www.vnunet.com/vnunet/news/2138475/cisco-under-fire-vpn-flaw