IPSec: subnet based filtering not working (???)

I'm trying to create an IPSec VPN tunnel to connect to a particular subnet.
the IPSec fileter is defined as a specific subnet (like 192.168.1.0/24).
If the IPSec filter is defined for the subnet, the IPSec driver simply
ignores it and not attempt is performed to create the tunnel. On the other
hand, if I just set the filter to one specific address on that subnet (like
192.168.1.123/32) it works.

For me it sounds like a bug in Vista's IPSec code. I've tried it using the
netsh ipsec context and thne MMC snap-in. Both yield the same result.

The same policy works under XP without a problem.....