How to disable TCP offloading when using IPsec

IPsec is not compatible with TCP offloading (called TCP Chimney Offload on the Windows Server platform) so if you’re using IPsec for domain or server isolation in a Windows Server environment then you will want to disable TCP offloading on both your network adapter properties and in the registry where TCP/IP parameters are stored.

There are two ways you can easily do this. First, you can yse the Netsh command at a command prompt like this:

netsh int tcp set global rss=disabled

netsh int tcp set global chimney=disabled

Alternatively, you use the REG ADD command to modify the registry like this:

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters  /v EnableTCPA /t REG_DWORD /d 0

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters  /v NetDMA /t REG_DWORD /d 0

Mitch is a ten-time recipient of the Microsoft Most Valuable Professional (MVP) award and a widely recognized expert on Windows Server and cloud computing technologies.  For more information see

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top