ICMP packets are dropped even though you have configured the Windows firewall feature to allow ICMP packets on your Windows XP Professional Service Pack 2-based computer (889527)


The information in this article applies to:

  • Microsoft Windows XP Professional SP2

SYMPTOMS

If you configure your computer that is running Microsoft Windows XP Professional Service Pack 2 (SP2) as the endpoint of a Tunnel mode Internet Protocol security (IPSec) connection, packets are dropped. This symptom occurs if you turn on the Windows Firewall feature. Additionally, packets are dropped even though you have configured the Windows firewall feature to allow ICMP packets.

CAUSE

This problem occurs because of a problem in the Tcpip.sys file.

RESOLUTION

Update information

The following files are available for download from the Microsoft Download Center:
DownloadDownload the Update for Windows XP package now.

Release Date: August 4, 2005

For more information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Prerequisites

No prerequisites are required.

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date         Time   Version           Size     File name
   --------------------------------------------------------------
   31-Jan-2005  21:28  5.1.2600.2604     134,912  Ipnat.sys
   04-Jan-2005  22:48  5.1.2600.2591     359,296  Tcpip.sys

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

There are two modes for an IPSec connection. They are the transport mode and the tunnel mode. The transport mode is used for client to client connections. The client may be a user workstation or a member server. The tunnel mode is used for gateway to gateway connections.

Note You can configure Windows XP as the endpoint of a tunnel mode IPSec connection. However, we do not recommend this. If you use the IPSec connection in tunnel mode, the Windows XP SP2 Windows Firewall feature does not filter any packets that come out of the IPSec tunnel. However, packets that come from other directions are filtered by the Windows Firewall feature.

For more information about the standard terminology that is used to describe Microsoft software updates, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Modification Type:MinorLast Reviewed:6/1/2006
Keywords:kbQFE kbHotfixServer kbWinXPpreSP3fix kbWinXPsp3fix kbfix kbbug KB889527 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.