Microsoft KB Archive/889527

= ICMP packets are dropped even though you have configured the Windows firewall feature to allow ICMP packets on your Windows XP Professional Service Pack 2-based computer =

Article ID: 889527

Article Last Modified on 8/23/2007

-

APPLIES TO


 * Microsoft Windows XP Professional

-





SYMPTOMS
If you configure your computer that is running Microsoft Windows XP Professional Service Pack 2 (SP2) as the endpoint of a Tunnel mode Internet Protocol security (IPSec) connection, packets are dropped. This symptom occurs if you turn on the Windows Firewall feature. Additionally, packets are dropped even though you have configured the Windows firewall feature to allow ICMP packets.



CAUSE
This problem occurs because of a problem in the Tcpip.sys file.



Update information
The following files are available for download from the Microsoft download center:

Download the Update for Windows XP package now.

Release Date: August 4, 2005

For more information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Prerequisites
No prerequisites are required.

Restart requirement
You must restart the computer after you apply this hotfix.

Hotfix replacement information
This hotfix does not replace any other hotfixes.

File information
The English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.   Date         Time   Version           Size     File name --  31-Jan-2005  21:28  5.1.2600.2604     134,912  Ipnat.sys 04-Jan-2005 22:48  5.1.2600.2591     359,296  Tcpip.sys



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.



MORE INFORMATION
There are two modes for an IPSec connection. They are the transport mode and the tunnel mode. The transport mode is used for client to client connections. The client may be a user workstation or a member server. The tunnel mode is used for gateway to gateway connections.

Note You can configure Windows XP as the endpoint of a tunnel mode IPSec connection. However, we do not recommend this. If you use the IPSec connection in tunnel mode, the Windows XP SP2 Windows Firewall feature does not filter any packets that come out of the IPSec tunnel. However, packets that come from other directions are filtered by the Windows Firewall feature.

For more information about the standard terminology that is used to describe Microsoft software updates, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Keywords: atdownload kbqfe kbhotfixserver kbwinxppresp3fix kbwinxpsp3fix kbfix kbbug KB889527

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.