Module 10: Monitoring and Troubleshooting IPsec
Module Overview
• Monitoring IPsec Activity
• Troubleshooting IPsec
Lesson 1: Monitoring IPsec Activity
• Tools used to Monitor IPsec
IP Security Monitor
• MMC snap-in
• Administrators can monitor local and remote IPsec policy usage
IPsecmon
• Only available in Windows 2000
• Command-line tool
• Reduced level of information available for troubleshooting
Windows Firewall with Advanced Security MMC
• New in Windows Vista and Windows Server 2008
Detailed IKE tracing using Netsh
• Trace file found in: systemroot\debug\oakley.log
• Enabled in Windows XP and Windows 2000 through Registry modification
Using IP Security Monitor to Monitor IPsec
• Troubleshooting IKE
1. Stop the IPsec Policy Agent and use the ping command to verify communications
• Success:
• 541 - IKE Main Mode or Quick Mode established
• 542 - IKE Quick Mode was deleted
• 543 - IKE Main Mode was deleted
• Information Log Entries:
• Largely pertains to monitoring for denial of service attacks
• There might not be any errors but resources will
run low, which affects performance for legitimate clients
• Quick Mode audit failures are denoted by error message 547
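The event IDs above can be tallied per peer to surface both Quick Mode failures (547) and the quieter case the slide describes, where negotiations succeed without errors but pile up and drain resources. This is an added example, not part of the course material; the three-column log layout, the thresholds and the function names are assumptions.

```python
import csv
import io
from collections import Counter, defaultdict

# Event IDs from the slide: 541 established, 542/543 deleted, 547 Quick Mode failure.
IKE_EVENTS = {541: "established", 542: "deleted", 543: "deleted", 547: "failed"}

# Constructed sample rows: timestamp, event ID, peer address.
# This three-column layout is an assumption, not a native Windows export format.
SAMPLE_LOG = """\
2008-03-01T10:00:01,541,10.10.0.24
2008-03-01T10:05:40,542,10.10.0.24
2008-03-01T10:06:00,547,10.10.0.31
2008-03-01T10:06:01,547,10.10.0.31
2008-03-01T10:06:02,547,10.10.0.31
2008-03-01T10:07:00,541,10.10.0.77
2008-03-01T10:07:01,541,10.10.0.77
2008-03-01T10:07:02,541,10.10.0.77
2008-03-01T10:07:03,541,10.10.0.77
2008-03-01T10:07:04,528,10.10.0.77
"""

def summarize(log_text):
    """Count established, deleted and failed IKE negotiations per peer."""
    stats = defaultdict(Counter)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3 or not row[1].strip().isdigit():
            continue  # skip blank or malformed rows
        kind = IKE_EVENTS.get(int(row[1]))
        if kind:  # event IDs outside the slide's list are ignored
            stats[row[2].strip()][kind] += 1
    return stats

def flag_peers(stats, max_failed=3, max_established=4):
    """Return {peer: [reasons]} for peers at or above a threshold (assumed values)."""
    flagged = {}
    for peer, counts in stats.items():
        reasons = []
        if counts["failed"] >= max_failed:
            reasons.append("quick-mode-failures")
        if counts["established"] >= max_established:
            reasons.append("high-establish-rate")  # no errors, but many negotiations
        if reasons:
            flagged[peer] = reasons
    return flagged

if __name__ == "__main__":
    for peer, reasons in flag_peers(summarize(SAMPLE_LOG)).items():
        print(peer, ", ".join(reasons))
```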
Lab: Monitoring and Troubleshooting IPsec
• Exercise 1: Monitoring IPsec Connectivity
Logon information
Virtual machine: 6421A-NYC-DC1 and 6421A-NYC-SVR1
• Best Practices