Article ID: 889527
If you configure a computer that is running Microsoft Windows XP Professional Service Pack 2 (SP2) as the endpoint of a tunnel mode Internet Protocol security (IPSec) connection, packets are dropped. This symptom occurs if you turn on the Windows Firewall feature. Additionally, packets are dropped even though you have configured the Windows Firewall feature to allow ICMP packets.
Update information
The following files are available for download from the Microsoft Download Center:
Download the Update for Windows XP package now.
Release Date: August 4, 2005
For more information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 (http://support.microsoft.com/kb/119591/) How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
Prerequisites
No prerequisites are required.
Restart requirement
You must restart the computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace any other hotfixes.
File information
The English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date         Time   Version        Size     File name
--------------------------------------------------------------
31-Jan-2005  21:28  5.1.2600.2604  134,912  Ipnat.sys
04-Jan-2005  22:48  5.1.2600.2591  359,296  Tcpip.sys
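To confirm that a computer has the file versions listed in the table (or later), the following PowerShell script compares the installed drivers against those versions. It is an added example, not part of the Microsoft article, and it assumes that Windows PowerShell is installed on the computer and that the drivers are in their default location under %SystemRoot%\System32\drivers.

```powershell
# Added example: compare installed driver versions with the versions
# listed in the File information table of this article (KB 889527).
$expected = @{
    'Ipnat.sys' = [version]'5.1.2600.2604'
    'Tcpip.sys' = [version]'5.1.2600.2591'
}

# Assumption: default driver directory; adjust if the system differs.
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'

$results = foreach ($name in $expected.Keys) {
    $path = Join-Path $driverDir $name
    $installed = $null

    if (Test-Path $path) {
        $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path)
        # Use the numeric parts: the FileVersion string may carry a
        # build-lab suffix that does not parse as a version.
        $installed = New-Object System.Version($info.FileMajorPart,
            $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart)

        if ($installed -ge $expected[$name]) {
            $status = 'Listed version or later'
        } else {
            $status = 'Older than listed version'
        }
    } else {
        $status = 'File not found'
    }

    New-Object PSObject -Property @{
        File      = $name
        Installed = $installed
        Listed    = $expected[$name]
        Status    = $status
    }
}

$results | Format-Table File, Installed, Listed, Status -AutoSize
```

A file reported as older than the listed version means the update is not applied, or a restart is still pending.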
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
There are two modes for an IPSec connection: transport mode and tunnel mode. Transport mode is used for client-to-client connections. The client may be a user workstation or a member server. Tunnel mode is used for gateway-to-gateway connections.
Note You can configure Windows XP as the endpoint of a tunnel mode IPSec connection. However, we do not recommend this. If you use the IPSec connection in tunnel mode, the Windows XP SP2 Windows Firewall feature does not filter any packets that come out of the IPSec tunnel. However, packets that come from other directions are filtered by the Windows Firewall feature.
For more information about the standard terminology that is used to describe Microsoft software updates, click the following article number to view the article in the Microsoft Knowledge Base:
824684 (http://support.microsoft.com/kb/824684/) Description of the standard terminology that is used to describe Microsoft software updates