
Check if IPSEC is working

bjv211 asked
Last Modified: 2013-12-04
I set up policies on a fileserver to use IPsec if requested, but still operate w/o securities if the client doesn't request it (i.e., both secure and unsecure communication to the file server). I've set up an MMC for IPsec monitor, but have no idea how to read the statistics. How can I tell if IPsec is in effect?

Commented:
How to use IPSec monitor in Windows Server 2003:
http://support.microsoft.com/?kbid=324269

How to use IPSec monitor in Windows 2000:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q313195&sd=tech

From the IPSec FAQ at http://www.netscum.dk/technet/itsolutions/network/ipsec/ipsecfaq.mspx
For computers running Windows 2000, you can use the IP Security Monitor tool. Click Start, click Run, type ipsecmon.exe, and then click OK. SAs are listed in the Security Associations portion of the IP Security Monitor window.

For computers running Windows XP or Windows Server 2003, you can use the IP Security Monitor snap-in. For more information, see To start the IP Security Policy Management snap-in.

For computers running Windows XP, you can use the ipseccmd \\computer show all command.

For computers running Windows Server 2003, you can use the netsh ipsec static show or netsh ipsec dynamic show commands.

Author

Commented:
All you've done is tell me what I already told you I had done, but I don't know how to read these statistics. Basically I want a way to know if yes, IPsec is in effect, or no, it is not in effect. How can I tell that with these tools?
Commented:
The monitoring tools are different for Windows 2000 and XP, so I don't know what statistics you're looking at.

If you have an active security association that has the same name as the IPSec policy you've created, then the policy is active. If there are no security associations listed, then it's not using IPsec.

Depending on the filter rules configured in the IPSec policy, an active SA does not imply that all traffic is encrypted.

The only definitive way to see if there is any unencrypted traffic with the fileserver is to use Network Monitor on the DC/fileserver. IPSec traffic appears as ISAKMP and ESP protocols; any other traffic is unencrypted.

Keep in mind that there are several types of traffic that can't be encrypted using IPSec:
http://support.microsoft.com/kb/253169

Also, only client-to-DC and DC-to-DC IPSec traffic is supported. Member server-to-DC IPSec traffic is not supported:
http://support.microsoft.com/?kbid=254949
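
The capture-based check described in the last answer, as an added example that is not part of the original thread: it labels raw IPv4 packets as ISAKMP, ESP or cleartext and lists the peers that reached the file server unprotected. The function names and sample addresses are constructed for illustration, and the handling of AH (IP protocol 51) and UDP port 4500 goes beyond the two protocols the answer names.

```python
import socket
import struct
from collections import Counter

ESP, AH, UDP = 50, 51, 17      # IP protocol numbers
IKE_PORTS = {500, 4500}        # ISAKMP/IKE; 4500 carries IKE and UDP-encapsulated ESP (NAT traversal)

def classify(packet: bytes):
    """Return (src, dst, label) for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    proto = packet[9]
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    if proto == ESP:
        return src, dst, "ESP"
    if proto == AH:
        return src, dst, "AH"          # integrity only, payload is still readable
    if frag_offset:
        return src, dst, "fragment"    # later fragments have no transport header to inspect
    if proto == UDP and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if sport in IKE_PORTS or dport in IKE_PORTS:
            return src, dst, "ISAKMP"
    return src, dst, "cleartext"

def audit(packets, server_ip):
    """Count labels for traffic touching server_ip; list peers seen in cleartext."""
    counts, clear_peers = Counter(), set()
    for pkt in packets:
        src, dst, label = classify(pkt)
        if server_ip not in (src, dst):
            continue
        counts[label] += 1
        if label == "cleartext":
            clear_peers.add(dst if src == server_ip else src)
    return counts, sorted(clear_peers)

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

# Constructed sample capture: 10.0.0.5 stands in for the file server.
SAMPLE = [
    ipv4("10.0.0.21", "10.0.0.5", UDP, struct.pack("!HHHH", 500, 500, 8, 0)),  # IKE negotiation
    ipv4("10.0.0.21", "10.0.0.5", ESP, b"\x00" * 16),                          # protected data
    ipv4("10.0.0.5", "10.0.0.21", ESP, b"\x00" * 16),
    ipv4("10.0.0.34", "10.0.0.5", 6, struct.pack("!HH", 49152, 445)),          # plain SMB over TCP
    ipv4("10.0.0.34", "10.0.0.99", 6, struct.pack("!HH", 49153, 80)),          # not the server
]
```

Calling `audit(SAMPLE, "10.0.0.5")` reports 10.0.0.34 as the only peer talking to the server without IPsec, which is the situation a "use IPsec if requested" policy permits.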
