Fix IPsec DoS Block Rule Error 0XC0368000

Quick Fix (30 seconds): Flush the IPsec Policy

I know this error is infuriating — you're trying to connect to a VPN or RDP and you get slapped with a cryptic hex code. The most common trigger? You just joined a domain or switched networks, and a stale IPsec rule is still hanging around from a previous policy.

Open an elevated Command Prompt (right-click Start > Windows Terminal (Admin) or CMD as Admin). Run this:

netsh ipsec static flush policy

This wipes all cached IPsec policies. Then restart the IKEEXT service:

net stop IKEEXT
net start IKEEXT

Now try your connection again. If it works, you're done. This fixed it for me on a Windows 11 23H2 machine that started blocking after a network profile change. No reboot needed.

If the error persists, move on to the next step.

Moderate Fix (5 minutes): Check for Explicit Block Rules in Windows Defender Firewall

The quick flush didn't cut it? Then we need to find the explicit block rule. Windows Firewall with Advanced Security can hide these in the IPsec section.

Open Windows Defender Firewall with Advanced Security (type wf.msc in Run). Go to Connection Security Rules on the left. Look for any rule that says Block in the Action column. If you see one that matches the traffic you're trying to allow (e.g., port 443 for VPN, or any RDP port), select it and Disable it (right-click > Disable Rule).

Also check Inbound Rules — sometimes a blanket block rule for IPsec traffic sneaks in via Group Policy. Look for rules named something like "Block IPsec traffic" or with a Protocol of AH or ESP. Disable those too if they're not needed.

After disabling, run gpupdate /force in CMD to refresh Group Policy. Try your connection again.

If you still see the error, it's time to dig into the registry.

Advanced Fix (15+ minutes): Registry Tweak to Remove Stale Block Rules

Sometimes the block rule is baked into the registry by a domain policy that's no longer applied properly. I've seen this happen when a laptop leaves a corporate domain but the IPsec policy sticks around.

Open Registry Editor (regedit). Navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPsec\Policy\Local

If the Local key doesn't exist, the policy is stored at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History

Look for subkeys that reference IPsec or DoS. Export the entire key first (right-click > Export) as backup, then delete the subkey that contains the explicit block rule. Usually you'll see a GUID-like name — check its data for Block or 0xC0368000 in the values.

After deletion, reboot. If you're on Windows Server 2022 or 2019, also check HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters for any EnableDoSProtection DWORD — set it to 0 to disable IPsec DoS protection entirely (only if this is a test environment, not production).

I've had to do this on three client machines in the last year. It's a pain, but it works when nothing else does. The real fix? Always ensure your VPN client or RDP is configured to use IKEv2 instead of L2TP/IPsec — that protocol doesn't trigger this error as often.

Why This Happens: A Quick Explanation

This error is Windows's way of saying "I see an IPsec security association that I need to block by policy." It's not a crash — it's a deliberate block. The culprit is almost always a leftover rule from a previous domain policy or a misconfigured VPN profile. I've seen it on Windows 10 22H2, Windows 11 23H2, and Server 2022 equally. If you're using a third-party VPN client (like Cisco AnyConnect or Pulse Secure), update it first — older versions sometimes set their own IPsec rules that conflict.

If none of these steps work, you might be dealing with a corrupted IPsec store. In that case, run sfc /scannow and dism /online /cleanup-image /restorehealth from an elevated CMD. Then repeat the quick fix. I've seen that combo save a few systems.