Information Technology Reference
In-Depth Information
> netsh ipsec static show all > display.txt
The following command will display debugging information and statistics about the IPSec
negotiation process:
> netsh ipsec dynamic show all
How It Works
When troubleshooting communication issues on a network that's been configured for IPSec,
you need to determine whether IPSec itself is the cause of the failure, or whether the failure
occurs at another point in the network stack. The quickest way to determine whether your
IPSec configuration is the cause of a network failure is to temporarily disable the active IPSec
policy to see if it corrects the issue, though this obviously has the negative side effect of
removing IPSec security protections from your network.
If you've determined that IPSec is the source of the communications failure on your
network, further troubleshooting will be aided by obtaining as much information about your
current IPSec configuration as possible. You can use the tools listed in this recipe to obtain
configuration and performance information about the IPSec policy of a computer running
Windows Server 2003.
Using a Graphical User Interface
The IPSec Monitor is an MMC snap-in that is installed by default on Windows Server 2003
computers. It provides a graphical view of IPSec statistics, including the name and description
of the active IPSec policy, the Group Policy object through which IPSec has been configured,
and the configuration details of specific filters that are in place.
Note You can also use the built-in Network Monitor utility to obtain a capture of all traffic being sent to
and from a local Windows Server 2003 computer. You can view this captured information through the
Network Monitor GUI, or save it to a text file for further analysis.
Using a Command-Line Interface
Regardless of the technology with which you are working, an important troubleshooting step is
to always obtain an accurate snapshot of your computer's current configuration. The netsh
commands listed in this recipe will display information similar to the following:
FilterAction Details
---------------------
FilterAction Name : NONE
Description : NONE
Store : Local Store <OREILLY1>
AllowUnsecure(Fallback): NO
Inbound Passthrough : NO
Search WWH ::




Custom Search