Re: IPSEC changes in Service Pack 2

From: Mark Swift [MSFT] (mswif_at_online.microsoft.com)
Date: 08/24/04


Date: Tue, 24 Aug 2004 14:40:52 -0700

IPsec in XPSP2 now automatically opens up holes in the Windows Firewall if
there is policy assigned. It also closes them if policy is then unassigned.

-- 
Mark Swift
Software Test Engineer
IP Security
Windows Networking
Microsoft
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at 
http://www.microsoft.com/info/cpyright.htm
-- 
"Christopher Black [MSFT]" <christb-nospam@microsoft.com> wrote in message 
news:%232EUBUAfEHA.904@TK2MSFTNGP09.phx.gbl...
> IPsec requires that inbound traffic be allowed to UDP-500 (and UDP-4500). 
> The default state of the Windows firewall (that is now on by default) will 
> block the inbound UDP500/4500 traffic. You should add a rule to allow 
> inbound traffic on these ports.
>
> "Jones" <anonymous@discussions.microsoft.com> wrote in message 
> news:161a01c47bbe$a5275ec0$a401280a@phx.gbl...
>> We use a small utility from a company called ReefEdge
>> that authenticates users and allows access to our wireless
>> network.  It is called the MDU or Mobile Domain Utility
>> client.  Basically, using IPSEC it authenticates a user's
>> domain login and allows a user to use the wireless
>> network.  After installing Windows XP Service Pack 2, it
>> no longer works.  Uninstalling SP2 fixes the issue.  So
>> what is changed with IPSec in SP 2 that may be causing
>> this problem?
>>
>> Any ideas....?
>>
>> -Jones
>
> 

