Hi everybody.
I have successfully built an IPsec policy
on Vista with the new 'netsh ipsec'. Here
is the command script:

netsh ipsec static delete all
netsh ipsec static add policy name=osw_policy description=osw mmpfs=yes assign=yes mmsecmethods=3des-md5-2
netsh ipsec static add filterlist name=from_me_to_you description=filter_list_for_osw_outbound
netsh ipsec static add filterlist name=from_you_to_me description=filter_list_for_osw_inbound
netsh ipsec static add filter filterlist=from_me_to_you description=from_me_to_you srcaddr=172.16.0.147 dstaddr=1.1.1.0 protocol=ANY mirrored=no srcmask=255.255.255.255 dstmask=255.255.254.0 srcport=0 dstport=0
netsh ipsec static add filter filterlist=from_you_to_me description=from_you_to_me srcaddr=1.1.1.0 dstaddr=172.16.0.147 protocol=ANY mirrored=no srcmask=255.255.254.0 dstmask=255.255.255.255 srcport=0 dstport=0
netsh ipsec static add filteraction name=osw_tunnel_filteraction description=quick_mode_policy qmpfs=yes inpass=no soft=no action=negotiate qmsecmethods=ESP[3DES,MD5]:50000k/3600s
netsh ipsec static add rule name=from_me_to_you description=osw_tunnel_rule_definition policy=osw_policy filterlist=from_me_to_you filteraction=osw_tunnel_filteraction tunnel=172.16.1.247 conntype=lan activate=yes kerberos=no rootca="C=YOU, bla bla bla "
netsh ipsec static add rule name=from_you_to_me description=osw_tunnel_rule_definition policy=osw_policy filterlist=from_you_to_me filteraction=osw_tunnel_filteraction tunnel=172.16.0.147 conntype=lan activate=yes kerberos=no rootca="C=YOU, bla bla bla"

When I try to ping from Vista (172.16.0.147)
to 1.1.1.10 (any IP inside the 1.1.1.0/23
class) I always get 'request timeout'. Vista
doesn't even try to establish the tunnel with
the 172.16.1.247 IPsec peer.
It's like Vista doesn't even evaluate these
IPsec policies.

Am I missing anything?
TIA

PS: This is a standard Vista enterprise
installation, firewall is also disabled.
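
Added example, not part of the original post: a small consistency check over the two 'add filter' commands above, reporting any address that is not the network address for its mask and any mirrored=no filter that has no reverse counterpart. It only checks the traffic selectors for internal consistency and makes no claim about why the tunnel is not negotiated; the function names are this example's own.

```python
import ipaddress
import shlex

# The two "add filter" commands from the post, each joined onto one line.
SCRIPT = """\
netsh ipsec static add filter filterlist=from_me_to_you description=from_me_to_you srcaddr=172.16.0.147 dstaddr=1.1.1.0 protocol=ANY mirrored=no srcmask=255.255.255.255 dstmask=255.255.254.0 srcport=0 dstport=0
netsh ipsec static add filter filterlist=from_you_to_me description=from_you_to_me srcaddr=1.1.1.0 dstaddr=172.16.0.147 protocol=ANY mirrored=no srcmask=255.255.254.0 dstmask=255.255.255.255 srcport=0 dstport=0
"""


def parse_filters(script):
    """Return one dict of key=value parameters per 'add filter' command."""
    filters = []
    for line in script.splitlines():
        tokens = shlex.split(line)
        if tokens[:5] == ["netsh", "ipsec", "static", "add", "filter"]:
            filters.append(dict(t.split("=", 1) for t in tokens[5:]))
    return filters


def selector(addr, mask):
    """Return (network selected by addr/mask, True if addr has no host bits set)."""
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return net, ipaddress.ip_address(addr) == net.network_address


def lint(filters):
    """Flag unaligned address/mask pairs and one-way filters with no reverse twin."""
    findings, selectors = [], []
    for f in filters:
        nets = {}
        for side in ("src", "dst"):
            addr, mask = f[side + "addr"], f[side + "mask"]
            nets[side], aligned = selector(addr, mask)
            if not aligned:
                findings.append(f"{f['filterlist']}: {side}addr={addr} with {mask} "
                                f"has host bits set; the mask selects {nets[side]}")
        selectors.append((f["filterlist"], nets["src"], nets["dst"], f.get("mirrored")))
    for name, src, dst, mirrored in selectors:
        if mirrored == "no" and not any(s == dst and d == src for _, s, d, _ in selectors):
            findings.append(f"{name}: mirrored=no and no filter covers {dst} -> {src}")
    return findings


if __name__ == "__main__":
    for finding in lint(parse_filters(SCRIPT)):
        print(finding)
```
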