If you configure your computer that is running Microsoft Windows XP Professional Service Pack 2 (SP2) as the endpoint of a Tunnel mode Internet Protocol security (IPSec) connection, packets are dropped. This symptom occurs if you turn on the Windows Firewall feature. Additionally, packets are dropped even though you have configured the Windows firewall feature to allow ICMP packets.
This problem occurs because of a problem in the Tcpip.sys file.
For more information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
No prerequisites are required.
You must restart the computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace any other hotfixes.
The English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name -------------------------------------------------------------- 31-Jan-2005 21:28 5.1.2600.2604 134,912 Ipnat.sys 04-Jan-2005 22:48 5.1.2600.2591 359,296 Tcpip.sys
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
There are two modes for an IPSec connection. They are the transport mode and the tunnel mode. The transport mode is used for client to client connections. The client may be a user workstation or a member server. The tunnel mode is used for gateway to gateway connections.
Note You can configure Windows XP as the endpoint of a tunnel mode IPSec connection. However, we do not recommend this. If you use the IPSec connection in tunnel mode, the Windows XP SP2 Windows Firewall feature does not filter any packets that come out of the IPSec tunnel. However, packets that come from other directions are filtered by the Windows Firewall feature.
For more information about the standard terminology that is used to describe Microsoft software updates, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates