IPSEC traffic logging - Network

This is a discussion on IPSEC traffic logging - Network ; I'm setting up an IPSEC policy to block traffic to and from a server . The policy enable traffic for specific protocols that we need and have a DENY ANY to block unknown traffic. My problem is that I'd like ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: IPSEC traffic logging

  1. IPSEC traffic logging

    I'm setting up an IPSEC policy to block traffic to and from a server .
    The policy enable traffic for specific protocols that we need and have a
    DENY ANY to block unknown traffic.
    My problem is that I'd like to know which traffic is being blocked by the
    IPSEC policy but couldn't find it in any log.
    Is there a way I can trace it , as for example is possible with the firewall
    service ?
    thanks


  2. RE: IPSEC traffic logging

    Hi Stefano, please see the Troubleshooting Chapter 7 of the Server and Domain
    Isolation Guide. It will tell you how to enable IPsec driver logging. It's
    not great, because it goes to the System Log, so you don't want to leave it
    on. But it's available if you need it. Use Netmon to correlate a dropped
    packet with a log event so you know how to interpret the hex of the packet in
    the detailed part of the event.

    Chapter 7 is linked off:
    http://www.microsoft.com/ipsec

    "Stefano Colombo" wrote:

    > I'm setting up an IPSEC policy to block traffic to and from a server .
    > The policy enable traffic for specific protocols that we need and have a
    > DENY ANY to block unknown traffic.
    > My problem is that I'd like to know which traffic is being blocked by the
    > IPSEC policy but couldn't find it in any log.
    > Is there a way I can trace it , as for example is possible with the firewall
    > service ?
    > thanks
    >
    >


+ Reply to Thread