The remote host is missing an update to ipsec-tools announced via advisory DSA 1299-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201299-1

It was discovered that a specially-crafted packet sent to the racoon ipsec key exchange server could cause a tunnel to crash, resulting in a denial of service. The oldstable distribution (sarge) isn't affected by this problem. For the stable distribution (etch) this problem has been fixed in version 1:0.6.6-3.1. The unstable distribution (sid) will be fixed soon. We recommend that you upgrade your racoon package.