Thanks a lot for all the replies. I was not able to use racoon to do a kerberos auth based IPsec connection :(

I  wanted to use this setup to see what credentials are getting aquired by client and server when GSS API based kerberos is used for IPSec.

Could anybody please let me know if :
I am connecting from a system which is acting as a client  to another server. Assume that the system which is acting as server has many application servers running such as telnet, ftp, dns, dhcp etc.  Then If I use IPSec using kerberos,  do I need service  tickets for all these services ?  Or Do I need only one ticket for the server system. I assume machine based authentication will happen rather than service based authention. Am I correct ?

In this case, I need not bother about the application services running. Right ?

Could you please help me ?

- Sandy.