Check IP Security on the Initiating Host

IPSec can increase the defenses of a network, but it can also make changing network configurations or troubleshooting problems more difficult. In some cases, IPSec running on the initiating host of a computer under investigation can create difficulties in connecting to a remote host. To determine if this is a source of problems, turn off IPSec and attempt to run the requested network service or function.

If the problem disappears when IPSec policies are turned off, you know that the additional IPSec processing burden or its packet filtering are responsible for the problem. To solve the problem, use the following procedure:

To stop IPSec policy agents from enforcing IPSec

  • From the Group or Local Policy , right-click the policy and click Unassign .

If you need to disable IP Security only for a specific computer, you can disable the IPSec Policy Agent Service on that computer.

To stop the IPSec Policy Agent

  1. Start the Services snap-in.

  2. In the Services results pane, double-click IPSec Policy Agent .

  3. Click Stop (or Disable if you do not want the Policy Agent to resume after the next system restart).

For more information about IPSec issues, see "Internet Protocol Security" in this book.