HOW TO: Use IPSec Monitor in Windows 2000

Article ID: 313195
This article was previously published under Q313195
This article has been archived. It is offered "as is" and will no longer be updated.

Summary

Windows 2000 supports the use of Internet Protocol security (IPSec) to secure communications between computers. IPSec is a cross-platform protocol. Windows 2000-based computers use IPSec policies to control which communications require the use of IPSec. A computer can require IPSec for all communications or for only a subset of them. You use IPSec filters to control when IPSec is applied.

To test the IPSec policies, use IPSec Monitor. IPSec Monitor (Ipsecmon.exe) provides information about which IPSec policy is active and whether a secure channel between computers is established.

Start IPSec Monitor

  1. Click Start, and then click Run.
  2. In the Open box, type ipsecmon.
  3. Click Options.

    You can change the Refresh interval in the IP Security Monitor Options dialog box.

To see how IPSec Monitor functions, you need two Windows 2000-based computers that are members of the same Windows 2000 domain. One computer is the IPSec client computer and the other computer is the IPSec server. The following two sections describe how to configure the IPSec client computer and IPSec server to test a security policy.

IPSec Client Computer

  1. Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
  2. Click to expand the Security Settings node in the left pane, and then click the IP Security Policies node.
  3. Double-click Client (Responds Only) policy in the right pane.
  4. Click to clear the Dynamic check box, and then click to select the All ICMP Traffic check box.
  5. Double-click the All ICMP Traffic rule, click the Filter Action tab, and then click Require Security.
  6. Click Apply, and then click OK.
  7. Click Close.

IPSec Server

  1. Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
  2. Click to expand the Security Settings node in the left pane, and then click the IP Security Policies node.
  3. Double-click the Secure Server (Require Security) policy in the right pane.
  4. Click to clear the All IP Traffic and the Dynamic check boxes, and then click to select the All ICMP Traffic check box.
  5. Double-click the All ICMP Traffic rule.
  6. Click the Filter Action tab, and then click Require Security.
  7. Click Apply, and then click OK.
  8. Click Close.
  9. On the IPSec client computer, start IPSec Monitor.
  10. From a command prompt, type ping -t ipsec_server_ip_address.

    For the first few seconds, a "Negotiating IPSec Policy" message is displayed, and then you receive Internet Control Message Protocol (ICMP) echo replies. When you bring IPSec Monitor to the foreground, you see that the IPSec security association is established and the filter name is listed as "ICMP."
  11. Close the command window to stop the ping command. Note that the IPSec security association continues for a short period of time before timing out.

To restore the default IPSec policies on each computer:
  1. Right-click the IP Security Policies node in the left pane, point to All Tasks, and then click Restore Default Policies.
  2. Click Yes when you receive the "Are you sure?" message.
  3. Click OK to confirm that the default policies have been returned to their default values.
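
The ping test above can also be checked on the wire: once the security association exists, the echo traffic between the two computers should appear as IKE (UDP port 500) and ESP or AH packets rather than as plain ICMP. The following is an added example, not part of the original article or of any Microsoft tool; it assumes raw IPv4 packets have already been extracted from a capture taken during the test, and the addresses and sample packets are constructed.

```python
import struct

# IANA protocol numbers: ICMP=1, UDP=17, ESP=50, AH=51. IKE negotiates on UDP port 500.
ICMP, UDP, ESP, AH, IKE_PORT = 1, 17, 50, 51, 500

def ipv4(proto, src, dst, payload=b""):
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    to_b = lambda ip: bytes(int(o) for o in ip.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      128, proto, 0, to_b(src), to_b(dst))
    return hdr + payload

def classify(pkt):
    """Return (src, dst, kind) for one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    first_frag = (struct.unpack("!H", pkt[6:8])[0] & 0x1FFF) == 0
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    proto, kind = pkt[9], "other"
    if proto in (ESP, AH):
        kind = "ipsec"                      # protected by the security association
    elif proto == UDP and first_frag and len(pkt) >= ihl + 4:
        ports = struct.unpack("!HH", pkt[ihl:ihl + 4])
        kind = "ike" if IKE_PORT in ports else "other"
    elif proto == ICMP:
        kind = "cleartext-icmp"             # a ping that bypassed the policy
    return src, dst, kind

def audit(packets, client, server):
    """Count traffic between the two test hosts. 'ok' is True only when
    IPSec-protected packets were seen and no ICMP crossed in the clear."""
    counts = {"ipsec": 0, "ike": 0, "cleartext-icmp": 0, "other": 0}
    for pkt in packets:
        src, dst, kind = classify(pkt)
        if {src, dst} == {client, server}:
            counts[kind] += 1
    counts["ok"] = counts["ipsec"] > 0 and counts["cleartext-icmp"] == 0
    return counts

# Constructed sample: IKE exchange, then an ESP-protected ping and its reply.
CLIENT, SERVER = "192.0.2.10", "192.0.2.20"   # documentation addresses (assumed)
IKE = struct.pack("!HHHH", IKE_PORT, IKE_PORT, 8, 0)
SAMPLE = [ipv4(UDP, CLIENT, SERVER, IKE), ipv4(UDP, SERVER, CLIENT, IKE),
          ipv4(ESP, CLIENT, SERVER, bytes(16)), ipv4(ESP, SERVER, CLIENT, bytes(16))]
```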

Properties

Article ID: 313195 - Last Review: October 26, 2013 - Revision: 4.0
Applies to
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition