Check if IPSEC is working

I set up policies on a fileserver to use IPsec if requested, but still operate w/o security if the client doesn't request it (i.e., both secure and unsecure communication to the file server). I've set up an MMC for IPsec monitor, but have no idea how to read the statistics. How can I tell if IPsec is in effect?
bjv211 Asked:

Rant32 Commented:
How to use IPSec monitor in Windows Server 2003:
http://support.microsoft.com/?kbid=324269

How to use IPSec monitor in Windows 2000:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q313195&sd=tech

From the IPSec FAQ at http://www.netscum.dk/technet/itsolutions/network/ipsec/ipsecfaq.mspx
For computers running Windows 2000, you can use the IP Security Monitor tool. Click Start, click Run, type ipsecmon.exe, and then click OK. SAs are listed in the Security Associations portion of the IP Security Monitor window.

For computers running Windows XP or Windows Server 2003, you can use the IP Security Monitor snap-in. For more information, see To start the IP Security Policy Management snap-in.

For computers running Windows XP, you can use the ipseccmd \\computer show all command.

For computers running Windows Server 2003, you can use the netsh ipsec static show or netsh ipsec dynamic show commands.
bjv211 Author Commented:
All you've done is tell me what I already told you I had done, but I don't know how to read these statistics. Basically I want a way to know if yes IPsec is in effect or no it is not in effect. How can I tell that with these tools?
Rant32 Commented:
The monitoring tools are different for Windows 2000 and XP, so I don't know what statistics you're looking at.

If you have an active security association that has the same name as the IPSec policy you've created, then the policy is active. If there are no security associations listed, then it's not using IPsec.

Depending on the filter rules configured in the IPSec policy, an active SA does not imply that all traffic is encrypted.

The only definitive way to see if there is any unencrypted traffic with the fileserver is to use Network Monitor on the DC/fileserver. IPSec traffic appears as ISAKMP and ESP protocols; any other traffic is unencrypted.

Keep in mind that there are several types of traffic that can't be encrypted using IPSec:
http://support.microsoft.com/kb/253169

Also, only client-to-DC and DC-to-DC IPSec traffic is supported. Member server-to-DC IPSec traffic is not supported:
http://support.microsoft.com/?kbid=254949
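Added example, not part of the thread above: the Network Monitor check described in the last comment, reduced to a script that labels raw IPv4 packets as ESP, ISAKMP or cleartext and lists which peers of the file server exchanged cleartext. The addresses, sample packets and function names are constructed for illustration. It relies on ESP being IP protocol 50 and ISAKMP running over UDP port 500, and assumes no NAT traversal (ESP wrapped in UDP 4500 is not handled).

```python
import socket
import struct
from collections import Counter

ESP_PROTO, UDP_PROTO, ISAKMP_PORT = 50, 17, 500  # IP protocol 50 = ESP; ISAKMP = UDP/500

def classify(packet):
    """Return (src, dst, label) for one raw IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0     # header length in bytes
    if len(packet) < 20 or packet[0] >> 4 != 4 or not 20 <= ihl <= len(packet):
        raise ValueError("not a well-formed IPv4 packet")
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    if packet[9] == ESP_PROTO:
        return src, dst, "ESP"
    # UDP ports exist only in the first fragment; later fragments fall through.
    if packet[9] == UDP_PROTO and frag_offset == 0 and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if ISAKMP_PORT in (sport, dport):
            return src, dst, "ISAKMP"
    return src, dst, "CLEARTEXT"

def summarize(packets, server_ip):
    """Count labels per peer for traffic to or from server_ip."""
    per_peer = {}
    for pkt in packets:
        src, dst, label = classify(pkt)
        if server_ip in (src, dst):
            peer = dst if src == server_ip else src
            per_peer.setdefault(peer, Counter())[label] += 1
    return per_peer

def peers_with_cleartext(per_peer):
    """Peers that exchanged at least one packet outside ESP/ISAKMP."""
    return sorted(peer for peer, counts in per_peer.items() if counts["CLEARTEXT"])

def build(src, dst, proto, payload):
    """Build a minimal IPv4 packet for the sample below (checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

SERVER = "10.0.0.10"  # constructed addresses and packets, not a real capture
SAMPLE = [
    build("10.0.0.21", SERVER, 17, struct.pack("!HHHH", 500, 500, 8, 0)),  # ISAKMP
    build("10.0.0.21", SERVER, 50, b"\x00" * 16),                           # ESP
    build(SERVER, "10.0.0.21", 50, b"\x00" * 16),                           # ESP reply
    build("10.0.0.22", SERVER, 6, struct.pack("!HH", 49152, 445)),          # plain TCP/445
]
```

Calling peers_with_cleartext(summarize(SAMPLE, SERVER)) on the sample returns the one client that talked to the server outside IPsec; a peer that shows only ESP and ISAKMP counts is the "IPsec is in effect" case.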
