Consider the following scenario:
- In a network environment, you configure the Internet Protocol security (IPsec) policy to use the tunnel mode.
- In the IP Filter Properties dialog box of the IPsec policy, you use a subnet address for the Source Address or for the Destination Address.
- You try to establish the IPsec tunnel-mode connection to a partner computer from a Windows Vista-based computer or from a Windows Server 2008-based computer.
In this scenario, the computer cannot negotiate the security mode with the partner computer. Therefore, you cannot use IPsec to secure the connection.