Outbound firewall rule with “Allow only secure connections” drops IKE/AuthIP packets
In Windows Firewall with Advanced Security, you configure an outbound firewall rule that requires the matching traffic to be authenticated and, optionally, encrypted. You do this either by enabling “Allow only secure connections” in the user interface or by running “NETSH ADVFIREWALL” at a Command Prompt with the argument “security=authenticate” or “security=authenc”.
A corresponding Connection Security (IPsec) rule is also configured.
Attempts to communicate with a host that meets the criteria of the rule you created then fail.
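To check whether a host carries this configuration, the following added example (not from the original page or from Microsoft) lists the enabled outbound allow rules that require authentication and counts the enabled Connection Security rules in the effective policy. It assumes the NetSecurity PowerShell module (Windows 8 / Server 2012 or later) and an elevated prompt; the variable names are illustrative.

```powershell
# Added example: audit for outbound rules set to "Allow only secure connections".
# Assumption: NetSecurity module is available (Windows 8 / Server 2012 or later).

$store = 'ActiveStore'   # effective policy: local rules merged with Group Policy

# Enabled outbound allow rules whose security filter requires IPsec authentication.
$secureOutbound = Get-NetFirewallRule -PolicyStore $store -Direction Outbound `
        -Enabled True -Action Allow -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sec = $_ | Get-NetFirewallSecurityFilter
        if ($sec.Authentication -ne 'NotRequired') {
            $addr = $_ | Get-NetFirewallAddressFilter
            $port = $_ | Get-NetFirewallPortFilter
            [pscustomobject]@{
                Rule           = $_.DisplayName
                Authentication = $sec.Authentication  # Required: traffic must be authenticated
                Encryption     = $sec.Encryption      # Required: traffic must also be encrypted
                RemoteAddress  = $addr.RemoteAddress -join ','
                Protocol       = $port.Protocol
                RemotePort     = $port.RemotePort -join ','
            }
        }
    }

# Enabled Connection Security (IPsec) rules in the same policy store.
$ipsecRules = @(Get-NetIPsecRule -PolicyStore $store -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' })

if ($secureOutbound) {
    $secureOutbound | Format-Table -AutoSize
    '{0} enabled Connection Security rule(s) found in {1}.' -f $ipsecRules.Count, $store
    $ipsecRules | Select-Object DisplayName, InboundSecurity, OutboundSecurity |
        Format-Table -AutoSize
} else {
    'No enabled outbound rule requires authenticated connections.'
}
```

A host that reports at least one rule in the first table together with one or more Connection Security rules matches the configuration described here.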
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB2273643.