There’s no doubt about; we’re big fans of IPsec at Microsoft. We’ve baked this enabling protocol into a number of cool solutions (e.g. Server and Domain Isolation and Network Access Protection), but for some this could cause a conflict with a third-party IPsec-based VPN client. In some cases, the VPN client will turn off the Windows implementation of IPsec and disable IKE (the key exchange process).
To help customers have the flexibility and choice to mix and match Windows IPsec-based network security solutions with their current VPN solution, we’ve been working with the major remote access vendors to enable co-existence.
First, we published a guide to help those you develop IPsec-based VPN clients support co-existence scenarios: Recommendations for Virtual Private Network Client Coexistence with the Internet Protocol Security Implementation in Microsoft Windows.
With this guide in hand, we then reached out to all the leading vendors to encourage them to follow these fairly easy steps. We already have a bunch that are shipping support (see below for some examples) and suggest you urge your IPsec-based VPN vendor to do the same (if they haven’t already).