Microsoft Windows Server 2003 - Restore XP's IPSec/NAT Capability


Windows XP Service Pack 2 changes XP's default behavior so that it no longer establishes IPSec/NAT-T security associations to servers behind a NAT device. The change guards against an uncommon but theoretically possible security risk. However, it also forces XP clients to use PPTP for VPN connections, which has security disadvantages of its own.


If, after assessing your network's security needs, you decide that the security advantages of L2TP/IPSec outweigh the risk of NAT-T, you can restore XP's ability to make these connections. Article ID 885407 in the Microsoft Knowledge Base at https://support.microsoft.com/en-us explains how to modify this behavior.
