Microsoft small business knowledge base

Article ID: 889527 - Last Review: June 20, 2014 - Revision: 5.0

Hotfix Download Available
View and request hotfix downloads

On This Page


If you configure your computer that is running Microsoft Windows XP Professional Service Pack 2 (SP2) as the endpoint of a Tunnel mode Internet Protocol security (IPSec) connection, packets are dropped. This symptom occurs if you turn on the Windows Firewall feature. Additionally, packets are dropped even though you have configured the Windows firewall feature to allow ICMP packets.


This problem occurs because of a problem in the Tcpip.sys file.


Update information

The following files are available for download from the Microsoft download center:
Collapse this imageExpand this image
Download the Update for Windows XP package now. (

Release Date: August 4, 2005

For more information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591  ( ) How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.


No prerequisites are required.

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date         Time   Version           Size     File name
   31-Jan-2005  21:28  5.1.2600.2604     134,912  Ipnat.sys
   04-Jan-2005  22:48  5.1.2600.2591     359,296  Tcpip.sys


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More information

There are two modes for an IPSec connection. They are the transport mode and the tunnel mode. The transport mode is used for client to client connections. The client may be a user workstation or a member server. The tunnel mode is used for gateway to gateway connections.

Note You can configure Windows XP as the endpoint of a tunnel mode IPSec connection. However, we do not recommend this. If you use the IPSec connection in tunnel mode, the Windows XP SP2 Windows Firewall feature does not filter any packets that come out of the IPSec tunnel. However, packets that come from other directions are filtered by the Windows Firewall feature.

For more information about the standard terminology that is used to describe Microsoft software updates, click the following article number to view the article in the Microsoft Knowledge Base:
824684  ( ) Description of the standard terminology that is used to describe Microsoft software updates
atdownload kbqfe kbhotfixserver kbwinxppresp3fix kbwinxpsp3fix kbfix kbbug KB889527
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support