[Vpn-help] Documentation on Policy include/exclude rules?

Robert badbob at gmail.com
Thu Nov 20 12:35:29 CST 2008

Using 2.14 on Windows and there isn't much detailed documentation on the
IPSEC Policy Configuration. I want to define policy rules to include or
exclude certain network resources.

First I would uncheck [ ] Obtain Topology Automatically or Tunnel All

Now, how would I define a policy to "Tunnel All Except x.x.x.x"?
I thought perhaps:
Include / (To tunnel all)
Exclude /
Exclude /

But "Include /" is not accepted.

Going the other way, everything is excluded by default and will only tunnel
what is defined in the include rules. But it is hard if there are more
networks on the remote end compared to the local end.

Also, what happens when Include and Exclude rules have overlapping networks?
For example:
Include /
Exclude /
So would all 192.168.x.x traffic be tunneled except for 192.168.1.x traffic?

Or the opposite:
Exclude /
Include /

Would I need to avoid any overlap and specify networks exactly, either by
listing them individually or playing around with the subnet mask?
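
The workaround raised in the last paragraph, listing non-overlapping networks exactly, can be computed instead of worked out by hand. This is an added example, not part of the original post and not Shrew Soft code: it turns "tunnel all except X" into Include-only networks, so the result does not depend on how the client resolves overlapping rules. The 192.168.0.0/16 and 192.168.1.0/24 values follow the poster's 192.168.x.x example; the function names and the address/netmask output shape are assumptions.

```python
import ipaddress


def includes_except(excluded, universe="0.0.0.0/0"):
    """Return the smallest sorted list of networks that covers `universe`
    while leaving out every network in `excluded` (no overlap anywhere)."""
    remaining = [ipaddress.ip_network(universe)]
    for ex in map(ipaddress.ip_network, excluded):
        kept = []
        for net in remaining:
            if ex.supernet_of(net):
                # net lies entirely inside the excluded range: drop it
                continue
            if net.supernet_of(ex):
                # net strictly contains the excluded range: split around it
                kept.extend(net.address_exclude(ex))
            else:
                # CIDR blocks are either nested or disjoint; this one is disjoint
                kept.append(net)
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def as_rules(networks):
    """Render networks as (action, address, netmask) tuples.
    The tuple shape is an assumption made for this example."""
    return [("Include", str(n.network_address), str(n.netmask)) for n in networks]


if __name__ == "__main__":
    # Constructed input based on the 192.168.x.x / 192.168.1.x case in the post
    nets = includes_except(["192.168.1.0/24"], universe="192.168.0.0/16")
    for action, addr, mask in as_rules(nets):
        print(f"{action} {addr} / {mask}")
```

Each excluded network costs one Include entry per bit of difference between the two prefix lengths, so a /24 carved out of a /16 gives 8 entries.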
