Re: IPSEC BUG - Cannot filter - Subnet Mask invalid

From: x y (levinson_k@excite.com)
Date: 12/06/02


From: "x y" <levinson_k@excite.com>
Date: Fri, 6 Dec 2002 16:13:29 -0500


I've heard of this happening before, and I'm not sure there is a fix. Be
sure you have the latest Windows service pack installed. You do have the
option probably of using the following subnets:

200.0.0.0 / 255.255.0.0
200.1.0.0 / 255.255.0.0
200.2.0.0 / 255.255.0.0
... etc. etc.

You can make this easier on yourself by scripting this using, for example,
the ipsecpol command line utility from Microsoft in a batch file.

Or, you could use a real firewall. That IMHO is even better, since IPsec
has no logging, alerting, intrusion detection, etc.

"Steven E. Adams" <stevea1@home2offic.com> wrote in message
news:06f801c29d69$b551f790$8af82ecf@TK2MSFTNGXA03...
> I have looked at this article before posting...
> Traffic That Can--and Cannot--Be Secured by IPSec (253169)
>
>
> Using IPSEC, I can not enter these addresses in the "IP
> Filter List" to Filter ASIAN Networks:
>
> 200.0.0.0 / 255.0.0.0
> 203.0.0.0 / 255.0.0.0
> 211.0.0.0 / 255.0.0.0
> 212.0.0.0 / 255.0.0.0
> 213.0.0.0 / 255.0.0.0
> 218.0.0.0 / 255.0.0.0
> 219.0.0.0 / 255.0.0.0
>
> (I am sure there are more)
> I get an error "This is an invalid MASK for the specified
> IP Address"
>
> HOWEVER, When I enter in these IP Addresses, I DO NOT get
> an error:
>
> 61.0.0.0 / 255.0.0.0
> 80.0.0.0 / 255.0.0.0
>
>
> Is this a bug in the IPSEC Policy?
> Is there a patch?
> Am I doing something Wrong?
>
> UNIX & LINUX Firewall rules do this no problem, IPCHAINS,
> ETC... It would be great if Microsoft would get the IPSEC
> to work the way I would like to use it.
>
> Steven E. Adams


