The labeled networking over ipsec patch set has caused problems with non-labeled
ipsec. See the upstream thread
As soon as a solution is determined upstream this needs to go into RHEL5.
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
QE ack for RHEL5.