• Status: Solved

Check if IPSEC is working

I set up policies on a fileserver to use IPsec if requested, but still operate without security if the client doesn't request it (i.e., both secure and unsecure communication to the file server). I've set up an MMC for IPsec monitor, but have no idea how to read the statistics. How can I tell if IPsec is in effect?
Asked by: bjv211

Rant32 Commented:
How to use IPSec monitor in Windows Server 2003:
http://support.microsoft.com/?kbid=324269

How to use IPSec monitor in Windows 2000:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q313195&sd=tech

From the IPSec FAQ at http://www.netscum.dk/technet/itsolutions/network/ipsec/ipsecfaq.mspx
For computers running Windows 2000, you can use the IP Security Monitor tool. Click Start, click Run, type ipsecmon.exe, and then click OK. SAs are listed in the Security Associations portion of the IP Security Monitor window.

For computers running Windows XP or Windows Server 2003, you can use the IP Security Monitor snap-in. For more information, see To start the IP Security Policy Management snap-in.

For computers running Windows XP, you can use the ipseccmd \\computer show all command.

For computers running Windows Server 2003, you can use the netsh ipsec static show or netsh ipsec dynamic show commands.

bjv211 (Author) Commented:
All you've done is tell me what I already told you I had done, but I don't know how to read these statistics. Basically I want a way to know if yes, IPsec is in effect, or no, it is not in effect. How can I tell that with these tools?

Rant32 Commented:
The monitoring tools are different for Windows 2000 and XP, so I don't know what statistics you're looking at.

If you have an active security association that has the same name as the IPSec policy you've created, then the policy is active. If there are no security associations listed, then it's not using IPsec.

Depending on the filter rules configured in the IPSec policy, an active SA does not imply that all traffic is encrypted.

The only definitive way to see if there is any unencrypted traffic with the fileserver is to use Network Monitor on the DC/fileserver. IPSec traffic appears as ISAKMP and ESP protocols; any other traffic is unencrypted.

Keep in mind that there are several types of traffic that can't be encrypted using IPSec:
http://support.microsoft.com/kb/253169

Also, only client-to-DC and DC-to-DC IPSec traffic is supported. Member server-to-DC IPSec traffic is not supported:
http://support.microsoft.com/?kbid=254949
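
Added example (not part of the original thread): the capture check described in the answer above, applied to raw IPv4 packets so that each peer of the file server is reported as IPsec or cleartext. The server address and the packets are constructed sample data; AH (IP protocol 51) is counted separately because it authenticates but does not encrypt, and NAT-T (UDP 4500) is not handled.

```python
import struct
from collections import defaultdict

ESP, AH, UDP, TCP = 50, 51, 17, 6   # IANA IP protocol numbers
IKE_PORT = 500                      # ISAKMP/IKE runs over UDP 500

def classify(packet: bytes):
    """Return (src, dst, label) for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4            # IP header length in bytes
    proto = packet[9]
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    if proto == ESP:
        return src, dst, "ESP"
    if proto == AH:
        return src, dst, "AH"               # integrity only, payload readable
    if proto == UDP and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if IKE_PORT in (sport, dport):
            return src, dst, "ISAKMP"
    return src, dst, "CLEAR"

def summarize(packets, server):
    """Per-peer label counts for traffic to or from `server`."""
    stats = defaultdict(lambda: defaultdict(int))
    for pkt in packets:
        src, dst, label = classify(pkt)
        if server in (src, dst):
            stats[dst if src == server else src][label] += 1
    return {peer: dict(counts) for peer, counts in stats.items()}

def cleartext_peers(stats):
    """Peers that exchanged at least one unprotected packet with the server."""
    return sorted(p for p, c in stats.items() if c.get("CLEAR"))

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (constructed sample, checksum left 0)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + addr(src) + addr(dst) + payload

SERVER = "10.0.0.10"                                    # constructed address
SAMPLE = [                                              # constructed capture
    ipv4("10.0.0.21", SERVER, UDP, struct.pack("!HHHH", 500, 500, 8, 0)),
    ipv4("10.0.0.21", SERVER, ESP, b"\x00" * 16),
    ipv4(SERVER, "10.0.0.21", ESP, b"\x00" * 16),
    ipv4("10.0.0.22", SERVER, TCP, b"\x00" * 20),       # plain TCP, no IPsec
]

if __name__ == "__main__":
    report = summarize(SAMPLE, SERVER)
    print(report, "cleartext:", cleartext_peers(report))
```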