Check if IPSEC is working

Posted on 2006-03-31
Last Modified: 2013-12-04
I set up policies on a fileserver to use IPsec if requested, but still operate w/o security if the client doesn't request it (i.e., both secure and unsecure communication to the file server). I've set up an MMC for IPsec monitor, but have no idea how to read the statistics. How can I tell if IPsec is in effect?
Question by:bjv211
    LVL 12

    Expert Comment

    How to use IPSec monitor in Windows Server 2003:

    How to use IPSec monitor in Windows 2000:;en-us;Q313195&sd=tech

    From the IPSec FAQ at
    For computers running Windows 2000, you can use the IP Security Monitor tool. Click Start, click Run, type ipsecmon.exe, and then click OK. SAs are listed in the Security Associations portion of the IP Security Monitor window.

    For computers running Windows XP or Windows Server 2003, you can use the IP Security Monitor snap-in. For more information, see To start the IP Security Policy Management snap-in.

    For computers running Windows XP, you can use the ipseccmd \\computer show all command.

    For computers running Windows Server 2003, you can use the netsh ipsec static show or netsh ipsec dynamic show commands.
    LVL 1

    Author Comment

    All you've done is tell me what I already told you I had done, but I don't know how to read these statistics. Basically I want a way to know if yes, IPsec is in effect, or no, it is not in effect. How can I tell that with these tools?
    LVL 12

    Accepted Solution

    The monitoring tools are different for Windows 2000 and XP, so I don't know what statistics you're looking at.

    If you have an active security association that has the same name as the IPSec policy you've created, then the policy is active. If there are no security associations listed, then it's not using IPsec.

    Depending on the filter rules configured in the IPSec policy, an active SA does not imply that all traffic is encrypted.

    The only definitive way to see if there is any unencrypted traffic with the fileserver is to use Network Monitor on the dc/fileserver. IPSec traffic appears as ISAKMP and ESP protocols; any other traffic is unencrypted.

    Keep in mind that there are several types of traffic that can't be encrypted using IPSec:

    Also, only client-to-DC and DC-to-DC IPSec traffic is supported. Member server-to-DC IPSec traffic is not supported:
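The protocol check described in the accepted solution can be automated once a capture is exported. The following is an added example, not part of the original thread: it assumes the packets are already available as raw IPv4 bytes, uses constructed sample packets with placeholder addresses, and goes slightly beyond the answer by also labelling AH (IP protocol 51) and NAT-T (UDP 4500) alongside ESP (IP protocol 50) and ISAKMP (UDP 500).

```python
import socket
import struct
from collections import Counter

ESP, AH, UDP = 50, 51, 17          # IANA IP protocol numbers
IKE_PORT, NATT_PORT = 500, 4500    # ISAKMP/IKE and IPsec NAT-T UDP ports

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet as ISAKMP, ESP, AH, NAT-T or cleartext."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    if proto == ESP:
        return "ESP"
    if proto == AH:
        return "AH"                # authenticated, but the payload is not encrypted
    if proto == UDP and len(packet) >= ihl + 8:
        sport, dport = struct.unpack_from("!HH", packet, ihl)
        if IKE_PORT in (sport, dport):
            return "ISAKMP"
        if NATT_PORT in (sport, dport):
            return "NAT-T"         # IKE or ESP carried inside UDP
    return "cleartext"

def summarize(packets, server_ip):
    """Count labels per peer for packets to or from server_ip."""
    server, counts = socket.inet_aton(server_ip), Counter()
    for p in packets:
        if len(p) >= 20 and server in (p[12:16], p[16:20]):
            peer = p[16:20] if p[12:16] == server else p[12:16]
            counts[(socket.inet_ntoa(peer), classify(p))] += 1
    return counts

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (checksum left at zero) for the samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed sample capture; addresses are documentation-range placeholders.
SERVER = "192.0.2.10"
SAMPLE = [
    ipv4("192.0.2.21", SERVER, UDP, udp(500, 500, b"\x00" * 28)),       # IKE negotiation
    ipv4("192.0.2.21", SERVER, ESP, b"\x00\x00\x10\x01" + b"\xaa" * 32),
    ipv4(SERVER, "192.0.2.21", ESP, b"\x00\x00\x20\x02" + b"\xbb" * 32),
    ipv4("192.0.2.22", SERVER, 6, b"\x04\x00\x01\xbd" + b"\x00" * 16),  # TCP to 445, no IPsec
]
```

Calling `summarize(SAMPLE, SERVER)` returns per-peer counts; any peer with a `cleartext` count is talking to the server outside IPsec, which is the mixed secure/unsecure case the question describes.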
