Vista IPSEC and NAT

We have a lot of IPSEC tunnel clients with Windows XP behind NAT
working fine (home offices, cell phone clients, ...). Tests with Vista
SP1 are showing that build-in IPSEC / NAT doesn't work any longer
(without NAT it still does).

I found the solution http://support.microsoft.com/kb/944335/en-us
saying that it is by design.

Compared to XP this is an unacceptable regression, Vista claims it
supports RFC 3947 and doesn't? Is there a registry key to enable the
well known behaviour?

Daniel

> Compared to XP this is an unacceptable regression, Vista claims it
> supports RFC 3947 and doesn't? Is there a registry key to enable the
> well known behaviour?

yes indeed it is a huge bug this. Not a 'by design' feature.

"Marco Berizzi" wrote in message
news:O4oxrMkcIHA.5164@TK2MSFTNGP03.phx.gbl...
>> Compared to XP this is an unacceptable regression, Vista claims it
>> supports RFC 3947 and doesn't? Is there a registry key to enable the
>> well known behaviour?
>
> yes indeed it is a huge bug this. Not a 'by design' feature.

Maybe - but the KB article makes it sound like they've found a situation in
which you could be talking to one machine when you think that you're talking
to another. That's not a healthy situation for any security-related protocol
to put itself in.

Oh, well, hey, lookee here:

http://support.microsoft.com/kb/885348

That seems to describe exactly this sort of situation.

Alun.
~~~~

Vista IPSEC and NAT - Network

Thread: Vista IPSEC and NAT

LinkBack

Tools

Vista IPSEC and NAT

Re: Vista IPSEC and NAT

Re: Vista IPSEC and NAT