Problems with IPSec (flying racoons!)
I read the flying racoons articles with great interest and I've been trying to test them out myself. I've got a pair of Macs running 10.2.1, and have just tried to set up a simple transport connection between them with this sort of setup:
spdadd 10.10.50.129/32 10.10.50.186/32 any -P out ipsec esp/transport/10.10.50.129-10.10.50.186/require;
spdadd 10.10.50.186/32 10.10.50.129/32 any -P in ipsec esp/transport/10.10.50.186-10.10.50.129/require;
I've also got the racoons up and running on both machines.
When I try to connect from one to the other, after running the setkey commands above, I can't get any packets to go out on the wire (watching with tcpdump). I can't even ping the other machine (if I run 'setkey -FP' everything goes back to normal and I can ping again). I noticed in 'netstat -s' the following that seems to shed some light:
ipsec:
0 inbound packets processed successfully
0 inbound packets violated process security policy
0 inbound packets with no SA available
0 invalid inbound packets
0 inbound packets failed due to insufficient memory
0 inbound packets failed getting SPI
0 inbound packets failed on AH replay check
0 inbound packets failed on ESP replay check
0 inbound packets considered authentic
0 inbound packets failed on authentication
0 outbound packets processed successfully
0 outbound packets violated process security policy
576 outbound packets with no SA available
0 invalid outbound packets
0 outbound packets failed due to insufficient memory
0 outbound packets with no route
Anyone know what that might mean, and what is causing it?
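As an added example (not from the original post, nor from the KAME or racoon projects), the Python script below parses the `ipsec:` counters from `netstat -s` and the two `spdadd` lines quoted above, and reports what a nonzero drop counter means when an `out ... /require` policy is in place. The sample input is constructed from the post; the interpretation strings are my own.

```python
import re
# Constructed sample input, copied from the post above: part of the `ipsec:`
# section of `netstat -s` on the 10.2.1 box (KAME IPsec stack) and its spdadd lines.
NETSTAT_OUTPUT = """\
ipsec:
        0 inbound packets processed successfully
        0 inbound packets with no SA available
        576 outbound packets with no SA available
        0 outbound packets with no route
"""
SPD_LINES = [
    "spdadd 10.10.50.129/32 10.10.50.186/32 any -P out ipsec esp/transport/10.10.50.129-10.10.50.186/require;",
    "spdadd 10.10.50.186/32 10.10.50.129/32 any -P in ipsec esp/transport/10.10.50.186-10.10.50.129/require;",
]
COUNTER_RE = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")
SPD_RE = re.compile(r"^spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+ipsec\s+"
                    r"(\w+)/(\w+)/(\S*?)/(\w+)\s*;")

def parse_ipsec_counters(text):
    """Return {description: count} for the `ipsec:` section of `netstat -s`."""
    counters, in_section = {}, False
    for line in text.splitlines():
        if line.strip() == "ipsec:":
            in_section = True
            continue
        if in_section:
            m = COUNTER_RE.match(line)
            if not m:  # first non-counter line ends the section
                break
            counters[m.group(2)] = int(m.group(1))
    return counters

def parse_spd(lines):
    """Parse spdadd lines into dicts (src, dst, dir, proto, mode, endpoints, level)."""
    keys = ("src", "dst", "dir", "proto", "mode", "endpoints", "level")
    return [dict(zip(keys, m.groups())) for m in map(SPD_RE.match, lines) if m]

def diagnose(counters, policies):
    """Map nonzero drop counters and one-sided policies to what the kernel is doing."""
    findings = []
    nosa = counters.get("outbound packets with no SA available", 0)
    if nosa and any(p["dir"] == "out" and p["level"] == "require" for p in policies):
        findings.append(f"{nosa} outbound packets dropped: an 'out .../require' policy matched but "
                        "the SAD has no ESP SA; the kernel sends ACQUIRE to racoon and drops the "
                        "packet until phase 1/2 completes (check `setkey -D` and racoon's log)")
    if counters.get("inbound packets with no SA available", 0):
        findings.append("inbound ESP arrived with an SPI the SAD does not know")
    outs = {(p["src"], p["dst"]) for p in policies if p["dir"] == "out"}
    ins = {(p["dst"], p["src"]) for p in policies if p["dir"] == "in"}
    for src, dst in outs - ins:
        findings.append(f"out policy {src}->{dst} has no mirrored in policy; replies would be rejected")
    return findings
```

Run `diagnose(parse_ipsec_counters(open_output), parse_spd(spd_lines))` against a live `netstat -s` and `setkey -DP` dump to get the same report for another host.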