Negotiating IP security

ian-pearce used Ask the Experts™
I have a standalone Vista Home edition PC. When I try to connect it to the network (workgroup) it connects, but cannot browse the internet as it cannot connect to the DNS server. When I ping the DNS server, it comes up with "negotiation ip security" four times and never gets a response from the target. Actually it happens if I try to ping any other IP address on the network.
It is my understanding this is related to IPsec, however I have no policy set on this PC as far as I know, and since it is Home edition there is no secpol.msc file. Any suggestions why this might be happening?
Thank you.
Can you use gpedit.msc?

If so, check out

Computer config/windows settings/security settings/ip security policies



Thank you for the reply. No, I cannot use it; it does not come with Vista Home edition.
How about running mmc then adding the "ip security policies" snap-in?

I did that, but there are no IP security policies defined. Any suggestions what I could do?
If so, look through this article - says it applies even to Vista Home Basic

Is it possible the issue lies not with the client, but that you've configured the servers to "require" IPsec rather than to "request" it? Vista Home would be unable to handle this (I suspect) as IPsec generally authenticates either using Kerberos (you're not a domain member) or certificates (you'd know all this already if you'd managed to set IPsec up with certificates).

Anything interesting if you type the following?

netsh ipsec dynamic show all


Thanks for all that, I will look into it. At the moment I am a bit lost, but will let you know.


OK, here is the output of the command, but I cannot make anything out of it.

Pinging with 32 bytes of data:
Negotiating IP Security.
Negotiating IP Security.
Negotiating IP Security.
Negotiating IP Security.

Ping statistics for
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\netsh ipsec dynamic show all
No currently assigned Policy

Mainmode Policies not available.

Quickmode Policies not available.

Generic Mainmode Filters not available.

Specific Mainmode Filters not available.

Generic Quickmode Filters not available.

Specific Quickmode Filters not available.

IPsec MainMode Security Associations not available.

IPsec QuickMode Security Associations not available.

IPsec Configuration Parameters
StrongCRLCheck         : 1
IPsecexempt            : 3

IKE Statistics

Main Modes                  : 0
Quick Modes                 : 0
Soft SAs                    : 0
Authentication Failures     : 0
Active Acquire              : 0
Active Receive              : 0
Acquire fail                : 0
Receive fail                : 0
Send fail                   : 0
Acquire Heap size           : 0
Receive Heap size           : 0
Negotiation Failures        : 0
Invalid Cookies Rcvd        : 0
Total Acquire               : 0
TotalGetSpi                 : 0
TotalKeyAdd                 : 0
TotalKeyUpdate              : 0
GetSpiFail                  : 0
KeyAddFail                  : 0
KeyUpdateFail               : 0
IsadbListSize               : 0
ConnListSize                : 0
Invalid Packets Rcvd        : 0

IPsec Statistics

Active Assoc                : 0
Offload SAs                 : 0
Pending Key                 : 1
Key Adds                    : 0
Key Deletes                 : 1
ReKeys                      : 0
Active Tunnels              : 0
Bad SPI Pkts                : 0
Pkts not Decrypted          : 0
Pkts not Authenticated      : 0
Pkts with Replay Detection  : 0
Confidential Bytes Sent     : 0
Confidential Bytes Received : 0
Authenticated Bytes Sent    : 0
Authenticated Bytes Received: 0
Transport Bytes Sent        : 0
Transport Bytes Received    : 0
Bytes Sent In Tunnels       : 0
Bytes Received In Tunnels   : 0
Offloaded Bytes Sent        : 0
Offloaded Bytes Received    : 0

It certainly looks like no policy is defined.

Have you confirmed that doesn't have an ipsec policy assigned?
The problem went away; however, I am not sure why it happened to start with.
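
As an added example (not part of the thread or of any poster's reply): a small Python parser for saved `netsh ipsec dynamic show all` output that reports whether a policy is assigned and which statistics counters are non-zero, so the few values that moved stand out from the wall of zeros. The sample is a constructed excerpt of the output posted above, and the function names are hypothetical.

```python
import re

# Constructed sample: an excerpt of the output posted in the thread above.
SAMPLE = """\
No currently assigned Policy

Mainmode Policies not available.
IPsec MainMode Security Associations not available.

IPsec Configuration Parameters
StrongCRLCheck         : 1

IKE Statistics
Main Modes                  : 0
Negotiation Failures        : 0

IPsec Statistics
Active Assoc                : 0
Pending Key                 : 1
Key Deletes                 : 1
Authenticated Bytes Received: 0
"""

SECTION = re.compile(r"^(IPsec Configuration Parameters|IKE Statistics|IPsec Statistics)\s*$")
COUNTER = re.compile(r"^(.+?)\s*:\s*(\d+)\s*$")

def parse(text):
    """Return (policy_assigned, {section: {counter: int}}, [items reported unavailable])."""
    policy_assigned = True  # flipped only by the explicit "No currently assigned Policy" line
    sections, missing, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("No currently assigned Policy"):
            policy_assigned = False
        elif line.endswith("not available."):
            missing.append(line[: -len("not available.")].strip())
        elif SECTION.match(line):
            current = sections.setdefault(line, {})
        elif current is not None and (m := COUNTER.match(line)):
            current[m.group(1)] = int(m.group(2))
    return policy_assigned, sections, missing

def nonzero(sections, skip=("IPsec Configuration Parameters",)):
    """Counters that moved; configuration parameters are settings, not activity."""
    return {(s, k): v for s, c in sections.items() if s not in skip
            for k, v in c.items() if v}
```

Run over the full output posted in the thread, the only non-zero statistics are Pending Key and Key Deletes, both 1, alongside "No currently assigned Policy".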
