Information that makes life easier when it comes to installing, managing, and using Windows Vista.
Start About FAQ Blogroll Shop

ITsVISTA KB-Link: KB946887

A Windows Vista or Windows Server 2008-based computer cannot negotiate the security mode with the partner if you use a subnet address as a source address or as a destination filter address when you configure IPsec policy to use tunnel mode

Consider the following scenario:

  • In a network environment, you configure the Internet Protocol security (IPsec) policy to use the tunnel mode.
  • In the IP Filter Properties dialog box of the IPsec policy, you use a subnet address for the Source Address or for the Destination Address.
  • You try to establish the IPsec tunnel-mode connection to a partner computer from a Windows Vista-based computer or from a Windows Server 2008-based computer.

In this scenario, the computer cannot negotiate the security mode with the partner computer. Therefore, you cannot use IPsec to secure the connection.

There is a download that resolves this issue. See Hotfixes for details.

For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB946887.

Get notified of new posts for FREE via RSS or E-mail

Subscribe to ITsVISTA!

Related Posts