diff -urNp openswan-2.6.32-orig/programs/pluto/kernel.c openswan-2.6.32-cvs-patched/programs/pluto/kernel.c
--- openswan-2.6.32-orig/programs/pluto/kernel.c	2011-01-10 15:25:35.453925433 -0500
+++ openswan-2.6.32-cvs-patched/programs/pluto/kernel.c	2011-01-10 15:24:48.701924368 -0500
@@ -2761,8 +2761,15 @@ install_ipsec_sa(struct state *st, bool 
     }
 
    if (st->st_connection->remotepeertype == CISCO) {
-	if(!do_command(st->st_connection, &st->st_connection->spd, "updateresolvconf", st)) {
-	DBG(DBG_CONTROL, DBG_log("Updating resolv.conf failed, you may need to update it manually"));
+
+	sr = st->st_connection->spd.next;
+	st->st_connection->spd.eroute_owner = sr->eroute_owner;
+	st->st_connection->spd.routing = sr->routing;
+
+	if(!st->st_connection->newest_ipsec_sa) {
+		if(!do_command(st->st_connection, &st->st_connection->spd, "updateresolvconf", st)) {
+		DBG(DBG_CONTROL, DBG_log("Updating resolv.conf failed, you may need to update it manually"));
+		}
 	}
    }
 
@@ -2804,7 +2811,11 @@ delete_ipsec_sa(struct state *st USED_BY
 		     */
 		    sr->routing = (c->policy & POLICY_FAIL_MASK) == POLICY_FAIL_NONE
 			? RT_ROUTED_PROSPECTIVE : RT_ROUTED_FAILURE;
-		    
+
+		    if (sr == &c->spd && c->remotepeertype == CISCO) {
+			continue;
+		    }
+
 		    (void) do_command(c, sr, "down", st);
 		    if ((c->policy & POLICY_DONT_REKEY)
 			&& c->kind == CK_INSTANCE)
@@ -2834,7 +2845,7 @@ delete_ipsec_sa(struct state *st USED_BY
 	}
 	(void) teardown_half_ipsec_sa(st, TRUE);
 
-	if (st->st_connection->remotepeertype == CISCO) {
+	if (st->st_connection->remotepeertype == CISCO && st->st_serialno == st->st_connection->newest_ipsec_sa) {
 		if(!do_command(st->st_connection, &st->st_connection->spd, "restoreresolvconf", st)) {
 		DBG(DBG_CONTROL, DBG_log("Restoring resolv.conf failed, you may need to do it manually"));
 		}