Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

Outbound firewall rule with Allow only secure connections drops IKE/AuthIP packets

Search KbAlertz

Advanced Search

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]











Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks
Article ID: 2273643 - Last Review: August 24, 2010 - Revision: 4.0

Outbound firewall rule with "Allow only secure connections" drops IKE/AuthIP packets

View products that this article applies to.

SYMPTOMS

In Windows Firewall with Advanced Security, you configure an outbound firewall rule which requires the corresponding traffic to be authenticated and optionally encrypted. This is done by either enabling "Allow only secure connections" in the user interface or by using "NETSH ADVFIREWALL" at a Command Prompt with the arguments "security=authenticate" or "security=authenc".

A corresponding Connection Security (IPsec) rule is configured.

Attempting communication with a host that meets the criteria for the rule you created will fail.

Back to the top

CAUSE

The outgoing IKE or AuthIP packets on UDP port 500 are dropped by IPSec because the matching rule requires security overriding the default allow action to that IP address. Therefore, the IPSec negotiation cannot take place and the communication attempt fails.
Back to the top

RESOLUTION

Configure "Allow only secure connections" on the inbound firewall rule of the target computer.
Back to the top
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use (http://go.microsoft.com/fwlink/?LinkId=151500) for other considerations.
Back to the top
APPLIES TO
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Ultimate
Back to the top
Keywords: 
kbipsec kbfirewall KB2273643
Back to the top
        

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

Copyright © 2002-2007 KBALERTZ.COM.  All Rights Reserved. Terms / PrivacyDiscount ASP.NET Hosting