You want to use a RHEL 6/CentOS 6 server as an IPSec/VPN gateway?
Here's the tl;dr.... don't do it. Buy some Juniper SRX210's on eBay for $200/each instead.
The Linux kernel team massively broke IPSec performance somewhere between kernels 2.6.18 and 2.6.35. The good news is that it's supposedly fixed in 2.6.35. I haven't tested it, but reports are that it works OK. So if you must stay with RHEL or CentOS, compile your own kernel (I'd recommend doing that anyway).
So back to the long story.
A Creole coonass just trying to get by. I live in San Francisco and work as a digital plumber for the joint that runs this thing. (Square/Weebly) Thoughts are mine, not my company's.