Article ID: 2026070
You're using the legacy IPsec tools (IPsec MMC or NETSH IPSEC) to configure IPsec policies.
This also happens if an explicit allow rule for the self-to-self traffic is in place.
This is by design. We don't add permit filters in the situation where the source IP address and destination IP address are on the same host.
Use Connection Security Rules and Firewall Rules configured by using Windows Firewall with Advanced Security (WF.msc) or the NETSH ADVFIREWALL context.
For backwards compatibility, the functionality was implemented in Windows Vista and Windows Server 2008 with this update:
961533 When you use an IPsec rule to block traffic from any IP address to any other IP address, the Self-to-Self connection may be blocked on a Windows Vista-based or a Windows Server 2008-based client computer
(http://go.microsoft.com/fwlink/?LinkId=151500) for other considerations.