Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Outbound firewall rule with "Allow only secure connections" drops IKE/AuthIP packets

Outbound firewall rule with "Allow only secure connections" drops IKE/AuthIP packets

Symptoms

In Windows Firewall with Advanced Security, you configure an outbound firewall rule which requires the corresponding traffic to be authenticated and optionally encrypted. This is done by either enabling "Allow only secure connections" in the user interface or by using "NETSH ADVFIREWALL" at a Command Prompt with the arguments "security=authenticate" or "security=authenc".

A corresponding Connection Security (IPsec) rule is configured.

Attempting communication with a host that meets the criteria for the rule you created will fail.

↑ Back to the top

Cause

The outgoing IKE or AuthIP packets on UDP port 500 are dropped by IPSec because the matching rule requires security overriding the default allow action to that IP address. Therefore, the IPSec negotiation cannot take place and the communication attempt fails.

↑ Back to the top

Resolution

Configure "Allow only secure connections" on the inbound firewall rule of the target computer.

↑ Back to the top

Keywords: kbipsec, kbfirewall, kb

↑ Back to the top

Article Info
Article ID : 2273643
Revision : 1
Created on : 1/7/2017
Published on : 8/24/2010
Exists online : False
Views : 100