[Vpn-help] Documentation on Policy include/exclude rules?

Robert badbob at gmail.com
Thu Nov 20 12:35:29 CST 2008


Using 2.14 on Windows and there isn't much detailed documentation on the
IPSEC Policy Configuration. I want to define policy rules to include or
exclude certain network resources.

First I would uncheck [ ] Obtain Topology Automatically or Tunnel All

Now, how would I define a policy to "Tunnel All Except x.x.x.x"
I thought perhaps:
Include 0.0.0.0 / 0.0.0.0 (To tunnel all)
Exclude 10.154.1.0 / 255.255.255.0
Exclude 192.168.1.0 / 255.255.255.0

But "Include 0.0.0.0 / 0.0.0.0" is not accepted.

Going the other way, everything is excluded by default and will only tunnel
what is defined in the include rules. But it is hard if there are more
networks on the remote end compared to the local end.

Also, what happens when Include and Exclude rules have overlapping networks?
For example:
Include 192.168.0.0 / 255.255.0.0
Exclude 192.168.1.0 / 255.255.255.0
So would all 192.168.x.x traffic be tunneled except for 192.168.1.x traffic?

Or the opposite:
Exclude 192.168.0.0 / 255.255.0.0
Include 192.168.1.0 / 255.255.255.0

Would I need to avoid any overlap and specify networks exactly, either by
listing them individually or playing around with the subnet mask?

Thanks,
Bobby