Self-to-Self traffic is blocked by a Legacy IPsec rule which blocks traffic from any IP address to any other IP address

This article has been archived. It is offered "as is" and will no longer be updated.

You are using the legacy IPsec tools (IPsec MMC or NETSH IPSEC) to configure IPsec policies.
You configured an IPsec rule that blocks traffic from source address "Any IP address" to destination address "Any IP address". As a result, self-to-self traffic is blocked, so a connection or PING to localhost or to a locally assigned IPv4 address fails. Over IPv6 it works.

This also happens if an explicit allow rule for the self-to-self traffic is in place.

This behavior is by design. We don't add permit filters when the source IP address and the destination IP address are on the same host.

Use Connection Security Rules and Firewall Rules configured by using Windows Firewall with Advanced Security (WF.msc) or the NETSH ADVFIREWALL context.
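
The symptom pattern described above (IPv4 self-to-self fails, IPv6 loopback works, a legacy IPsec policy is in place) can be confirmed with a short script. This is an added example, not part of the original article and not Microsoft's code; the function name `Test-Loopback` is hypothetical, and the script assumes PowerShell 2.0 or later in an elevated session.

```powershell
# Added diagnostic example (not from the original article).
# Test-Loopback is a hypothetical helper name.
function Test-Loopback {
    param([string]$Address, [switch]$IPv6)
    # ping.exe returns exit code 0 when at least one echo reply is received.
    if ($IPv6) { $null = & ping.exe -6 -n 2 $Address }
    else       { $null = & ping.exe -4 -n 2 $Address }
    return ($LASTEXITCODE -eq 0)
}

# Locally assigned IPv4 addresses (WMI is available on PowerShell 2.0 / Windows 7).
$localV4 = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object { $_.IPAddress } |
    Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' })

# Probe IPv4 loopback, every local IPv4 address, and IPv6 loopback.
$results = @()
foreach ($addr in @('127.0.0.1') + $localV4) {
    $results += New-Object PSObject -Property @{
        Family = 'IPv4'; Address = $addr; Reachable = (Test-Loopback $addr) }
}
$results += New-Object PSObject -Property @{
    Family = 'IPv6'; Address = '::1'; Reachable = (Test-Loopback '::1' -IPv6) }
$results | Format-Table Family, Address, Reachable -AutoSize

$v4Blocked = @($results | Where-Object { $_.Family -eq 'IPv4' -and -not $_.Reachable }).Count -gt 0
$v6Works   = @($results | Where-Object { $_.Family -eq 'IPv6' -and $_.Reachable }).Count -gt 0

if ($v4Blocked -and $v6Works) {
    Write-Output 'IPv4 self-to-self fails while IPv6 loopback answers: matches the symptom.'
    Write-Output 'Legacy IPsec policies in the local store (check which one is assigned):'
    & netsh.exe ipsec static show policy all
    Write-Output 'Legacy IPsec policy assigned through Group Policy, if any:'
    & netsh.exe ipsec static show gpoassignedpolicy
    Write-Output 'Connection security rules already defined in WF.msc / NETSH ADVFIREWALL:'
    & netsh.exe advfirewall consec show rule name=all
} else {
    Write-Output 'Loopback results do not match the symptom pattern described here.'
}
```

If the pattern matches and a legacy policy with an Any-to-Any block rule is assigned, the block has to be re-expressed as Windows Firewall with Advanced Security rules, because an explicit allow rule in the legacy policy does not restore self-to-self traffic.
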
More Information

For backward compatibility, the functionality was implemented in Windows Vista and Windows Server 2008 with this update:

961533 When you use an IPsec rule to block traffic from any IP address to any other IP address, the Self-to-Self connection may be blocked on a Windows Vista-based or a Windows Server 2008-based client computer

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Article ID: 2026070 - Last Review: 12/12/2015 08:08:46 - Revision: 4.0

Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Standard, Windows Server 2008 R2 Foundation, Windows 7 Enterprise, Windows 7 Professional, Windows 7 Ultimate