From: Roland Hall (nobody_at_nowhere)
Date: Fri, 25 Feb 2005 02:24:12 -0600
"Steven L Umbach" wrote in message
: As far as I know in Windows 2000 and XP you can only use basic subnets -
: 255.0.0.0, 255.255.0.0, and 255.255.255.0. Windows 2000 balks if you try
: use Local Security Policy to configure what it considers to be an invalid
: subnet. You can at least get around that with the ipsecpol command line
: to built the policy and also you could possibly create the ipsec policy on
: an XP Pro computer and then export/import it into a Windows 2000 computer.
: Windows 2003 allows the use of the netsh command to built an ipsec policy
: and you can specify a value of 1-32 as the srcmask or dstmask in a
: ilter. --- Steve
That's the wall I ran into. I'd try to mask off all host values and it
would return with invalid subnet. The help file is useless as it doesn't
specify one way or the other. I'm trying to block anyone outside the US and
Canada, well, not me, but for someone else.
Ipsecpol is going to be my new friend.