Vista IPsec IPv6 Tunnel mode doesn't encrypt  data
I'm having interop issues with Vista IPsec IPv6 Tunnel mode. It seems that IPv6 Tunnel mode is broken. Packet captures show that outgoing packets from Vista are NOT encrypted. I tested Vista against Windows 7 Tunnel mode IPv6 using traffic with Windows 7 as FTP client and Vista as FTP server. IKE keys are successful on both Main mode and Quick mode, but Vista is sending plaintext TCP traffic to Windows 7. It should be sending ESP packets.

I have Require inbound and outbound, Authentication method using PSK, ESP 3DES SHA1, DH group 2 and ICMP exempt. Tested IPv4 Tunnel mode -- Pass, and IPv6 transport mode -- Pass. Bug only on IPv6 Tunnel mode.

My questions:

1. Is this a known issue? I'm using SP2 but it didn't fix this tunnel mode outgoing encryption problem. It did however fix the Tunnel mode IPv6 IKE negotiation problems.
2. Is there a fix or workaround?
December 4th, 2010 10:57am

Hi, Thanks for posting!

In tunnel mode, there is no need for client software to run on the gateway, and the communication between client systems and gateways is not protected.

Regards,

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
December 8th, 2010 6:54am

Hi Magon,

This behavior is different from Windows 2008 and Windows 7: Vista is sending plaintext outgoing packets even though it's supposed to be protected by IPsec policy. In Windows 2008 and Windows 7, the outgoing packets are ESP. I really think this is a bug.
December 8th, 2010 2:44pm

You say the traffic is not encrypted, but is it tunneled? If it is tunneled and not encrypted, ensure that you are not using ESP-NULL. If it is not tunneled, then the rule is not being enforced on the traffic for some reason. Verify that your rule has the correct filters being applied. Also note that tunnel-mode rules cannot be applied to specific ports.

In either case, a WFP trace may be helpful here: http://the.techy.dstro.com/ikelogs

Thanks,
Daniel
January 24th, 2011 2:59pm
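The distinction Daniel draws (tunneled versus encrypted) and the original symptom (plaintext TCP where ESP was expected) can both be checked mechanically from a capture by looking at the IPv6 Next Header field: 50 is ESP, 41 is IPv6-in-IPv6 (tunneled but not protected), 6 is bare TCP. The script below is an added example, not code from the thread or from Microsoft; it builds a small constructed capture (addresses from the 2001:db8::/32 documentation range, payloads made up) and audits it against a "require in/out" policy with ICMPv6 exempt, which matches the policy the original poster describes. It parses only the fixed 40-byte IPv6 header and assumes no extension headers precede the transport header.

```python
"""Classify IPv6 packets from a capture as ESP-protected, tunneled-but-plaintext,
or plaintext, to check whether an IPsec tunnel-mode policy is actually enforced."""
import ipaddress
import struct

# IPv6 Next Header values (IANA protocol numbers)
NH_TCP, NH_IPV6, NH_ESP, NH_ICMPV6 = 6, 41, 50, 58


def build_ipv6(src: str, dst: str, next_header: int, payload: bytes) -> bytes:
    """Constructed IPv6 header (version 6, no extension headers) for the sample capture."""
    header = struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64)
    return header + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload


def parse_ipv6(pkt: bytes):
    """Return (next_header, src, dst, payload) from a raw IPv6 packet."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    payload_len, next_header = struct.unpack("!HB", pkt[4:7])
    src = str(ipaddress.IPv6Address(pkt[8:24]))
    dst = str(ipaddress.IPv6Address(pkt[24:40]))
    return next_header, src, dst, pkt[40:40 + payload_len]


def classify(pkt: bytes) -> str:
    """Map one packet to the category an IPsec policy check cares about."""
    nh, _, _, payload = parse_ipv6(pkt)
    if nh == NH_ESP:
        # ESP present: the policy is being applied. Whether the payload is
        # actually encrypted depends on the negotiated cipher; ESP-NULL
        # (integrity only) would leave it readable, which the header cannot show.
        return "esp"
    if nh == NH_IPV6:
        # Outer IPv6 carrying an inner IPv6 packet: tunneled, but not ESP,
        # so the inner packet crosses the wire in the clear.
        inner_nh, *_ = parse_ipv6(payload)
        return f"tunneled-plaintext(inner_nh={inner_nh})"
    if nh == NH_ICMPV6:
        return "icmpv6"
    return f"plaintext(nh={nh})"


def audit(packets, exempt_next_headers=(NH_ICMPV6,)):
    """Return (src, dst, classification) for every packet that should have been
    ESP under a 'require inbound and outbound' policy but was not.
    Protocols listed in exempt_next_headers (ICMPv6 by default) are skipped."""
    findings = []
    for pkt in packets:
        nh, src, dst, _ = parse_ipv6(pkt)
        if nh == NH_ESP or nh in exempt_next_headers:
            continue
        findings.append((src, dst, classify(pkt)))
    return findings


# Constructed sample capture: Vista as FTP server, Windows 7 as client.
VISTA, WIN7 = "2001:db8::1", "2001:db8::2"
SAMPLE_CAPTURE = [
    # Windows 7 -> Vista: ESP (SPI, sequence number, made-up ciphertext)
    build_ipv6(WIN7, VISTA, NH_ESP, b"\x00\x00\x10\x01" + b"\x00\x00\x00\x05" + b"\xaa" * 32),
    # Vista -> Windows 7: bare TCP from port 21, which the policy should have wrapped in ESP
    build_ipv6(VISTA, WIN7, NH_TCP, b"\x00\x15\xc0\x01" + b"\x00" * 16),
    # Vista -> Windows 7: ICMPv6 echo request, exempt under the policy
    build_ipv6(VISTA, WIN7, NH_ICMPV6, b"\x80\x00\x00\x00"),
    # Vista -> Windows 7: IPv6-in-IPv6, tunneled but with no ESP around it
    build_ipv6(VISTA, WIN7, NH_IPV6,
               build_ipv6(VISTA, WIN7, NH_TCP, b"\x00\x15\xc0\x02" + b"\x00" * 16)),
]

if __name__ == "__main__":
    for src, dst, what in audit(SAMPLE_CAPTURE):
        print(f"{src} -> {dst}: {what}")
```

On a real capture, feed `audit()` the IPv6 packets (Ethernet header stripped) and restrict it to the addresses covered by the rule; anything it reports as `plaintext` means the rule was not enforced on that flow, while `tunneled-plaintext` or ESP with readable payload points at the encapsulation or cipher choice (ESP-NULL) rather than at rule matching.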
