You've implemented IPsec to protect traffic on your organization's LAN, and although you've followed all the technical documents carefully, you aren't convinced that the traffic on your network is actually protected from eavesdroppers. How can you reassure yourself that IPsec is truly encrypting your computers' network traffic?
Let's take a look at how to ensure that everything's running smoothly, then—should you discover problems in the process—look at the larger picture of troubleshooting IPsec-related authentication problems. In the process, I'll show you some built-in Windows Server 2003 tools that you can use to diagnose IPsec problems if you do find that your traffic isn't encrypted. (Note, however, that the techniques I discuss in this article don't necessarily apply to special IPsec applications, such as IPsec cards and VPN-based IPsec.)
1. Checking Whether IPsec Is Working
Even if you've successfully deployed IPsec, a lot can go wrong with it. When you suffer a loss of general network connectivity on a Windows Server 2003 or Windows XP computer, the OS makes sure that you know you have a problem. Unfortunately, there's no similar method to keep you aware of IPsec status. Depending on the IPsec deployment, when you have a problem, either you'll lose all network connectivity or—more likely and more insidious—network communications will continue working but with no encryption. Imagine your shock when you find that your network traffic is completely unsecure when you believed yourself to be protected. . . .
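One way to check a packet capture for the silent failure described above, as an added example that is not from the original article: the Python code below classifies raw IPv4 packets by IP protocol number (50 for ESP, 51 for AH) and by the IKE and NAT-T UDP ports (500 and 4500), then lists the packets whose payload is readable on the wire. It goes beyond the text by also covering AH and NAT-T; the function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

ESP, AH, UDP = 50, 51, 17  # IP protocol numbers

def classify(pkt):
    """Say how one raw IPv4 packet's payload is (or is not) protected."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    proto, body = pkt[9], pkt[ihl:]
    if proto == ESP:
        return "esp"  # ESP header present; encrypted unless null encryption was negotiated
    if proto == AH:
        # First AH byte is the next-header field: AH may wrap ESP, otherwise
        # the payload is authenticated but still readable.
        return "esp" if body[:1] == bytes([ESP]) else "ah-only"
    if proto == UDP and len(body) >= 8:
        sport, dport = struct.unpack("!HH", body[:4])
        data = body[8:]
        if 500 in (sport, dport):
            return "ike"
        if 4500 in (sport, dport):  # NAT traversal: IKE and ESP share this port
            if data == b"\xff":
                return "natt-keepalive"
            # Four zero bytes (non-ESP marker) mean IKE; anything else is an ESP SPI.
            return "ike" if data[:4] == b"\x00" * 4 else "esp"
    return "cleartext"

def unprotected(packets):
    """Return (src, dst, verdict) for every packet an eavesdropper could read."""
    hits = []
    for p in packets:
        verdict = classify(p)
        if verdict in ("cleartext", "ah-only"):
            hits.append((socket.inet_ntoa(p[12:16]), socket.inet_ntoa(p[16:20]), verdict))
    return hits

def ipv4(proto, payload, src="10.0.0.5", dst="10.0.0.9"):
    """Build a constructed IPv4 packet (header checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

SAMPLE = [  # constructed packets, not taken from a real capture
    ipv4(ESP, b"\x00\x00\x10\x01" + b"\x00\x00\x00\x01" + b"\xaa" * 16),
    ipv4(UDP, udp(4500, 4500, b"\x00\x00\x10\x01" + b"\xaa" * 16)),
    ipv4(UDP, udp(500, 500, b"\x11" * 28)),
    ipv4(6, b"GET / HTTP/1.1\r\n", dst="10.0.0.20"),  # protocol 6 = TCP, no IPsec
    ipv4(AH, b"\x06\x04\x00\x00" + b"\x00" * 20),
]
```

An empty result from `unprotected()` shows only that IPsec headers are present on every packet; whether ESP is using a real cipher rather than null encryption has to be confirmed in the negotiated policy.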