I don't know about "more" security. You can do things with isakmpd.conf and isakmpd.policy that are not possible with ipsec.conf. By definition, ipsec.conf is simpler and easier.
Can it do what you want? I don't know, because I'm not clear on your use case.
You might test to see if its a good fit. From what you've posted, it appears you only want to permit clearly defined SAs and flows. From my experience with ipsec.conf, all SAs and flows must be predefined in the configuration file.
|