Implement IPSec on Win2k3: Clients and Servers - Page 2
Monitoring and Verifying IPSec Traffic
![]() |
(Click for a larger image) |
The statistics provided include the amount of data that has been sent and received in encrypted form, and the number of current security associations. This number represents the IPSec connections that are currently established between this server and other systems. To see details of these connections, click the Security Associations folder as shown in Figure 4.
![]() |
(Click for a larger image) |
So, Is it Worth it?
At the beginning of Part One, we said that we would answer the question of whether implementing IPSec on your network was worth it. Hopefully we have demonstrated that the implementation process is very straightforward, and its operation completely transparent. In fact, it's hard to find fault with IPSec.
However, one consideration is that IPSec adds an extra layer of complexity to network troubleshooting. Every time you experience a connectivity issue, you have to consider whether the problem is with the underlying network structure, or with IPSec. It may be that IPSec is not the cause of the problem, but it's one more thing to consider, when you probably have enough to think about already. Additionally, on larger networks or those with already high network traffic levels, you should consider whether the additional (though minimal) network traffic associated with the setup and maintenance of IPSec connections would be a problem. Chances are it wont be, but it should be considered.
Ultimately, IPSec makes sense if you either feel that the data on your network is at risk, or if you value the security of your data enough to spend a small amount of time configuring your systems. Given that Microsoft provides all the software and tools need to configure and monitor IPSec, you have nothing to lose by giving it a try in a test environment.