IPSec Monitoring Tool

The IPSec monitor can confirm whether your secured communications are successful, by displaying the active security associations on local or remote computers.

For example, you can use IPSec Monitor to determine whether there has been a pattern of authentication or security association failures, possibly indicating incompatible security policy settings.

The IPSec monitor can be run on the local computer or it can be run remotely if you have a network connection to the remote computer.

To start the IPSec monitor

1. Click Start, and then click Run.
2. Type:

ipsecmon <computername>



3. Use the Options button to set the refresh rate.

An entry is displayed for each active security association. The information contained in each entry includes the name of the active IPSec policy, the active Filter Action and IP Filter List (including details of the active filter), and the tunnel endpoint (if one was specified).

It can also provide statistics to aid in performance tuning and troubleshooting, including the following statistics:

• The number and type of active security associations.
• The total number of master and session keys. Successful IPSec security associations initially cause one master key and one session key. Subsequent key regenerations are shown as additional session keys.
• The total number of confidential (ESP) or authenticated (ESP or AH) bytes sent or received.

Note

Because ESP provides authenticity and confidentiality, both counters are incremented.

• The total number of soft associations.

The refresh rate is the only configurable option. By default, the statistics update every 15 seconds. The statistics are accumulated with each communication that uses IPSec.

© 1985-2000 Microsoft Corporation. All rights reserved.