[Ipsec-tools-users] Peers with /0.0.0.0 vs /255.255.255.255

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I have, now, two totally disparate peers that define their association with
0.0.0.0 instead of /32.  In both cases they're not handy in conversations
about networking in that they will reply that because it's a host there
should be no subnet.

I have limped with one peer doing this for some time by having the anonymous
catch it, but the new peer requires different parameters and won't allow me
to option a more general catch-all offering of options.

Have others seen/experienced this?  I can, oddly, initiate to the peer with
the /32 and they work fine until their side initiates a rekeying.  At that
point I have a window where the VPN is established but dead because I'm
still carrying SAs that they're no longer using.  If I shorten my lifetime
in the anonymous in order to catch the second peer's rekeying, I'll break
the first peer.

Any ideas other than being a curmudgeon and really forcing the issue back
onto them?  Changing ipsec.conf and racoon.conf to /0 led to horrible
results where nothing worked with these peers.  The peers are Checkpoint and
cisco, I think.

Thanks,

peter