I have 4 windows 2003 DC's with local IPSec policy enabled and port 80/443
allowed through IPSec. the windows update fails on all the 4 DC's. how ever
i can browse the internet properly with out any problem.

If i disable the local IPSec policy then the window update works fine and i
can download the patches.

Any suggestion on what rules to add on the IPSec policy to download the
patches on the DC's ?

thank you