RE: IPsec with ambiguous routing