IPSEC Policy Agent

Description:

Manages the Internet Protocol Security (IPSec) policy & starts the Internet Security Association Key Management Protocol (ISAKMP) / Oakley Internet Key Exchange (IKE) & the IP security driver.

The IP Security driver captures/examines IP traffic and uses the IPSec policies to decide whether to block/filter, permit or encrypt (F.ex. Layer Two Tunneling Protocol - L2TP) the traffic. When changing a policy the IPSec Policy Agent is responsible for updating the IP Security Driver. The service listens on UDP port 500 (ISAKMP) and UDP port 4500 (NAT-T).

The IP Security driver can be used with the Remote Access Connection Manager (Rasman), to provide secure VPN connections.

Note in Win2k if not having installed “Client for Microsoft Networks” for the Network Adapter (Don’t need to be bound), then the service will not start and instead give the following error without any entries in the Event Log:

Could not start the IPSEC Policy Agent service on Local Computer.
The service did not return an error. This could be an internal Windows error or an internal service error. If the problem persists, contact your system administrator.

Note if IPSec Policies are corrupted (Reload from .ipsec file), or a 3rd Party IPSec/VPN software is installed (Uninstall it), then it might give the following error in the Event Log:

*IPSEC PolicyAgent Service couldn’t be started: Driver failed to start.
Source: PolicyAgent
EventID: 321

IPSEC PolicyAgent Service couldn’t be started: Oakley failed to start.
Source: PolicyAgent
EventID: 319*

More Info MS KB231585
More Info MS KB234580
More Info MS KB240262
More Info MS KB247231
More Info MS KB248750
More Info MS KB252735
More Info MS KB253169
More Info MS KB257225
More Info MS KB259335
More Info MS KB265112
More Info MS KB314831
More Info MS KB810207
More Info MS KB811832
More Info MS KB813878
More Info MS KB816514

Recommended State:

• Disabled, if on a simple home network.
• Automatic, if connected to a Windows domain..

Default State:

• Win8: Manual (Trigger Start - FIREWALL PORT EVENT).
• Win7: Manual.
• Vista: Automatic.
• Win2k3: Automatic.
• WinXP: Manual.
• Win2k: Automatic.

Process Name:

• Win8/Win7/Vista: svchost.exe -k NetworkServiceNetworkRestricted (PolicyAgent)
• WinXP/Win2k3/Win2k: lsass.exe (PolicyAgent)

Supports:

• None

Depends:

• Base Filtering Engine (Vista+)
• Remote Procedure Call (RPC)