Windows Server 2012 : Configuring IPsec (part 7) - Configuring connection security rules - Monitoring IPsec

10/20/2014 9:28:46 PM

Monitoring IPsec

After you create and configure connection security rules, you can use both the Windows Firewall with Advanced Security snap-in and Windows PowerShell to monitor IPsec communications between the local computer and other computers on the network.

As Figure 13 shows, you can select the Connection Security Rules node under the Monitoring node to view all active connection security rules configured on the computer. This includes rules created manually on the computer and rules configured by Group Policy targeting the computer. To view more information about any rule, right-click on the rule and select Properties.

Figure 13. Viewing active connection security rules on the computer.

As Figure 14 shows, you can select the Main Mode node under the Connection Security Rules node to view all active main mode SAs and their endpoints, authentication methods, and other properties.

Figure 14. Viewing active main mode SAs on the computer.

As Figure 15 shows, you can select the Quick Mode node under the Connection Security Rules node to view all active quick mode SAs and their endpoints, ports, protocols, and other properties.

Figure 15. Viewing active quick mode SAs on the computer.

You can also use Windows PowerShell to view active SAs on the local computer or a remote computer. For example, you can use the Get-NetIPsecMainModeSA cmdlet to view a list of active main mode SAs for the local computer as follows:

PS C:\> Get-NetIPsecMainModeSA

Name : 246
LocalEndpoint : 172.16.11.230
RemoteEndpoint : 172.16.11.240
LocalFirstId.Identity :
LocalFirstId.ImpersonationType : None
LocalFirstId.AuthenticationMethod : PresharedKey
LocalFirstId.Flags : None
RemoteFirstId.Identity :
RemoteFirstId.ImpersonationType : None
RemoteFirstId.AuthenticationMethod : PresharedKey
RemoteFirstId.Flags : None
LocalSecondId.Identity :
LocalSecondId.ImpersonationType :
LocalSecondId.AuthenticationMethod :
LocalSecondId.Flags :
RemoteSecondId.Identity :
RemoteSecondId.ImpersonationType :
RemoteSecondId.AuthenticationMethod :
RemoteSecondId.Flags :
CipherAlgorithm : AES128
HashAlgorithm : SHA1
GroupId : DH2
KeyModule : IkeV1
MaxQMSAs : 0
LifetimeSeconds : 28800
LocalUdpEncapsulationPort :
RemoteUdpEncapsulationPort :
ExtendedFilterId : 0

As a second example, you can use the Get-NetIPsecQuickModeSA cmdlet to view a list of active quick mode SAs for the local computer like this:

PS C:\> Get-NetIPsecQuickModeSA

Name : 1
LocalEndpoint : 172.16.11.230
RemoteEndpoint : 172.16.11.240
TransportLayerFilterName : HOST4 to HOST7
EncapsulationMode : Transport
Direction : Inbound
LocalPort : 0
RemotePort : 0
IpProtocol : 0
InterfaceAlias : vEthernet (CONTOSO Virtual Switch)
RealIfProfileId : 3
LocalUdpEncapsulationPort :
RemoteUdpEncapsulationPort :
SPI : 1339644182
FirstTransformType : EspAuth
FirstIntegrityAlgorithm : SHA1
FirstCipherAlgorithm : None
SecondSpi :
SecondTransformType : None
SecondIntegrityAlgorithm : None
SecondCipherAlgorithm : None
Flags : NdBoundary, NoExplicitCredMatch, AllowNullTargetNameMatch,
NdPeerBoundary, PeerSupportsGuaranteeEncryption
MmSaId : 246
PfsGroupId : None
PeerV4PrivateAddress : 0.0.0.0
QuickModeFilterid : 76478
LifetimeSeconds : 3600
LifetimeKilobytes : 100000
LifetimePackets : 2147483647
IdleDurationSeconds : 300
NdAllowClearTimeoutSeconds : 10
NapContext : 0
QmSaId : 2592036190
VirtualIfTunnelId : 0
TrafficSelectorId : 0
MmTargetName :
EmTargetName :
ExplicitCredentials :

Name : 1
LocalEndpoint : 172.16.11.230
RemoteEndpoint : 172.16.11.240
TransportLayerFilterName : HOST4 to HOST7
EncapsulationMode : Transport
Direction : Outbound
LocalPort : 0
RemotePort : 0
IpProtocol : 0
InterfaceAlias : vEthernet (CONTOSO Virtual Switch)
RealIfProfileId : 3
LocalUdpEncapsulationPort :
RemoteUdpEncapsulationPort :
SPI : 928181826
FirstTransformType : EspAuth
FirstIntegrityAlgorithm : SHA1
FirstCipherAlgorithm : None
SecondSpi :
SecondTransformType : None
SecondIntegrityAlgorithm : None
SecondCipherAlgorithm : None
Flags : NdBoundary, NoExplicitCredMatch, AllowNullTargetNameMatch,
NdPeerBoundary, PeerSupportsGuaranteeEncryption
MmSaId : 246
PfsGroupId : None
PeerV4PrivateAddress : 0.0.0.0
QuickModeFilterid : 76478
LifetimeSeconds : 3600
LifetimeKilobytes : 100000
LifetimePackets : 2147483647
IdleDurationSeconds : 300
NdAllowClearTimeoutSeconds : 10
NapContext : 0
QmSaId : 2592036190
VirtualIfTunnelId : 0
TrafficSelectorId : 0
MmTargetName :
EmTargetName :
ExplicitCredentials :
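
The two listings above can also be checked automatically rather than read by eye. The following is an added example, not code from the original article: it flags SAs negotiated with weak parameters and looks up each quick mode SA's parent main mode SA. The function name Get-WeakSaFinding and the "weak" lists are assumptions of this example, and it assumes property values convert to the strings shown in the output above.

```powershell
# Added example, not from the original article. Property names and values mirror
# the cmdlet output shown above. Get-WeakSaFinding is a hypothetical name and the
# "weak" lists are this example's own policy choices, not Microsoft defaults.
$WeakHash  = 'MD5', 'SHA1'
$WeakGroup = 'None', 'DH1', 'DH2'
$WeakEnc   = 'DES', 'DES3'

function Get-WeakSaFinding {
    param([object[]] $MainModeSA = @(), [object[]] $QuickModeSA = @())
    foreach ($mm in $MainModeSA) {
        $why = @()
        if ("$($mm.LocalFirstId.AuthenticationMethod)" -eq 'PresharedKey') { $why += 'preshared-key authentication' }
        if ("$($mm.HashAlgorithm)"   -in $WeakHash)  { $why += "hash $($mm.HashAlgorithm)" }
        if ("$($mm.GroupId)"         -in $WeakGroup) { $why += "key exchange $($mm.GroupId)" }
        if ("$($mm.CipherAlgorithm)" -in $WeakEnc)   { $why += "cipher $($mm.CipherAlgorithm)" }
        if ($why) {
            [pscustomobject]@{ Mode = 'Main'; Peer = $mm.RemoteEndpoint; Direction = '-'
                               ParentAuth = '-'; Finding = $why -join '; ' }
        }
    }
    foreach ($qm in $QuickModeSA) {
        $why = @()
        # EspAuth with both cipher fields None: integrity-protected, but not encrypted
        if ("$($qm.FirstCipherAlgorithm)" -eq 'None' -and "$($qm.SecondCipherAlgorithm)" -eq 'None') {
            $why += 'no encryption (integrity only)'
        }
        if ("$($qm.FirstIntegrityAlgorithm)" -in $WeakHash) { $why += "integrity $($qm.FirstIntegrityAlgorithm)" }
        # MmSaId on a quick mode SA equals Name on its parent main mode SA (246 above)
        $parent = $MainModeSA | Where-Object { "$($_.Name)" -eq "$($qm.MmSaId)" } | Select-Object -First 1
        $auth = if ($parent) { "$($parent.LocalFirstId.AuthenticationMethod)" } else { '(main mode SA not listed)' }
        if ($why) {
            [pscustomobject]@{ Mode = 'Quick'; Peer = $qm.RemoteEndpoint; Direction = $qm.Direction
                               ParentAuth = $auth; Finding = $why -join '; ' }
        }
    }
}

# Constructed sample objects mirroring the output above, so the example runs offline.
# On a live host: Get-WeakSaFinding -MainModeSA (Get-NetIPsecMainModeSA) -QuickModeSA (Get-NetIPsecQuickModeSA)
$mm = [pscustomobject]@{ Name = '246'; RemoteEndpoint = '172.16.11.240'; CipherAlgorithm = 'AES128'
                         HashAlgorithm = 'SHA1'; GroupId = 'DH2'
                         LocalFirstId = [pscustomobject]@{ AuthenticationMethod = 'PresharedKey' } }
$qm = 'Inbound', 'Outbound' | ForEach-Object {
    [pscustomobject]@{ RemoteEndpoint = '172.16.11.240'; Direction = $_; MmSaId = '246'
                       FirstIntegrityAlgorithm = 'SHA1'; FirstCipherAlgorithm = 'None'
                       SecondCipherAlgorithm = 'None' } }
Get-WeakSaFinding -MainModeSA $mm -QuickModeSA $qm | Format-Table -AutoSize
```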

Note

REAL WORLD Connection security operational logs

Another useful source for viewing information about IPsec policy changes for Windows Firewall with Advanced Security is the operational log found here in Event Viewer:

Applications and Services Logs/Microsoft/Windows/Windows Firewall with Advanced Security/ConnectionSecurity

You can also enable the ConnectionSecurityVerbose operational log if you need more detailed information about IPsec policy events.
