Vista IPSEC and NAT - Network

This is a discussion on Vista IPSEC and NAT - Network ; We have a lot of IPSEC tunnel clients with Windows XP behind NAT working fine (home offices, cell phone clients, ...). Tests with Vista SP1 are showing that build-in IPSEC / NAT doesn't work any longer (without NAT it still ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Vista IPSEC and NAT

  1. Vista IPSEC and NAT

    We have a lot of IPSEC tunnel clients with Windows XP behind NAT
    working fine (home offices, cell phone clients, ...). Tests with Vista
    SP1 are showing that build-in IPSEC / NAT doesn't work any longer
    (without NAT it still does).

    I found the solution http://support.microsoft.com/kb/944335/en-us
    saying that it is by design.

    Compared to XP this is an unacceptable regression, Vista claims it
    supports RFC 3947 and doesn't? Is there a registry key to enable the
    well known behaviour?

    Daniel

  2. Re: Vista IPSEC and NAT

    > Compared to XP this is an unacceptable regression, Vista claims it
    > supports RFC 3947 and doesn't? Is there a registry key to enable the
    > well known behaviour?


    yes indeed it is a huge bug this. Not a 'by design' feature.



  3. Re: Vista IPSEC and NAT

    "Marco Berizzi" wrote in message
    news:O4oxrMkcIHA.5164@TK2MSFTNGP03.phx.gbl...
    >> Compared to XP this is an unacceptable regression, Vista claims it
    >> supports RFC 3947 and doesn't? Is there a registry key to enable the
    >> well known behaviour?

    >
    > yes indeed it is a huge bug this. Not a 'by design' feature.


    Maybe - but the KB article makes it sound like they've found a situation in
    which you could be talking to one machine when you think that you're talking
    to another. That's not a healthy situation for any security-related protocol
    to put itself in.

    Oh, well, hey, lookee here:

    http://support.microsoft.com/kb/885348

    That seems to describe exactly this sort of situation.

    Alun.
    ~~~~


+ Reply to Thread