How can we check if IPSEC tunnel is created after connecting to UAG server
-
Monday, August 27, 2012 4:20 PM
How can we check if IPSEC tunnel is created after connecting to UAG server?
All Replies
-
Monday, August 27, 2012 6:00 PM
If we talk about DirectAccess, just have a look in the firewall console (wf.msc) on your Windows 7 computer and expand the monitoring node. You will find a security associations node. From the command line, just run NETSH ADVFIREWALL MONITOR SHOW MMSA in an elevated command prompt. This command will list all main associations.
BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
-
Tuesday, August 28, 2012 4:32 AM
I see below output
Wish to understand why I see Main Mode SA 2 times?
Thanks for help.
C:\Windows\system32>netsh advfirewall monitor show mmsa
Main Mode SA at 08/28/2012 09:56:54
----------------------------------------------------------------------
Local IP Address: 2002:605a:eb18:8100:6c0f:ea06:290e:8d5f
Remote IP Address: 2002:605c:ed13::405a:cb13
Auth2 Local ID: Domain\User Name
Auth2 Remote ID: host/UAG server
Auth1: ComputerCert
Auth2: UserKerb
MM Offer: None-AES128-SHA256
Cookie Pair: 104be720e1d867b2:c0eca158333c40f2
Health Cert: No
Main Mode SA at 08/28/2012 09:56:54
----------------------------------------------------------------------
Local IP Address: 2002:605a:eb18:8100:6c0f:ea06:290e:8d5f
Remote IP Address: 2002:605c:ed13::405a:cb13
Auth1: ComputerCert
Auth2: UserNTLM
MM Offer: None-AES128-SHA256
Cookie Pair: c7b2c6a91c6960:939e2534e2a3bd60
Health Cert: No
Ok.
-
Tuesday, August 28, 2012 4:37 AM
Another thing I wish to understand is, after complete SA authentication, how many NTLMv2 and Kerberos are we supposed to see under main mode?
Thanks again.
-
Tuesday, August 28, 2012 7:22 AM
Hi
Technically speaking, you should have one NTLMv2+Certificate IPSEC tunnel named infrastructure tunnel and one Kerberos+Certificate tunnel named user tunnel, but you might have more in some situations. Note that disconnected tunnels might appear in the list for a while.
BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
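As an added example (not code from this thread, from Microsoft or from the poster), the following PowerShell turns the text that netsh advfirewall monitor show mmsa prints into objects and counts the main mode SAs by their Auth2 method, so the infrastructure tunnel (Auth2 = UserNTLM) and the user tunnel (Auth2 = UserKerb) described above can be checked at a glance. The function names ConvertFrom-MmsaOutput and Get-MmsaSummary are this example's own; the embedded sample text is constructed from the output posted earlier in the thread and is used only when netsh is not available, so the parser can be tried offline.

```powershell
# Added example, not code from the thread or from Microsoft: parse the output
# of "netsh advfirewall monitor show mmsa" and summarise main mode SAs by
# Auth2 method. Function names are this example's own.

function ConvertFrom-MmsaOutput {
    # Emits one object per "Main Mode SA at ..." block, with each
    # "Key: Value" line below the header becoming a property.
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][string[]]$Line)
    begin   { $current = $null }
    process {
        foreach ($raw in $Line) {
            $l = $raw.Trim()
            if ($l -match '^Main Mode SA at (.+)$') {
                if ($current) { [pscustomobject]$current }
                $current = [ordered]@{ Timestamp = $Matches[1].Trim() }
            }
            elseif ($current -and $l -match '^([^:]+):\s*(.*)$') {
                # Split on the first colon only: IPv6 addresses and the
                # cookie pair carry further colons in the value part.
                $current[$Matches[1].Trim()] = $Matches[2].Trim()
            }
            # Dash separators, blank lines and the trailing "Ok." fall through.
        }
    }
    end { if ($current) { [pscustomobject]$current } }
}

function Get-MmsaSummary {
    # Groups parsed SAs by Auth2 and labels the DirectAccess tunnel each
    # method corresponds to (UserNTLM = infrastructure, UserKerb = user).
    param([Parameter(Mandatory)][object[]]$Sa)
    $tunnelName = @{ UserNTLM = 'infrastructure tunnel'; UserKerb = 'user tunnel' }
    $Sa | Group-Object -Property Auth2 | ForEach-Object {
        $label = if ($_.Name -and $tunnelName.ContainsKey($_.Name)) { $tunnelName[$_.Name] } else { 'unknown' }
        [pscustomobject]@{
            Auth2   = $_.Name
            Count   = $_.Count
            Tunnel  = $label
            Remotes = ($_.Group | Select-Object -ExpandProperty 'Remote IP Address' -ErrorAction SilentlyContinue | Sort-Object -Unique) -join ', '
        }
    }
}

# Constructed sample modelled on the output posted in this thread. Used when
# netsh is not present (e.g. on a non-Windows machine) so the parser can run offline.
$sample = @'
Main Mode SA at 08/28/2012 09:56:54
----------------------------------------------------------------------
Local IP Address: 2002:605a:eb18:8100:6c0f:ea06:290e:8d5f
Remote IP Address: 2002:605c:ed13::405a:cb13
Auth2 Local ID: Domain\User Name
Auth2 Remote ID: host/UAG server
Auth1: ComputerCert
Auth2: UserKerb
MM Offer: None-AES128-SHA256
Cookie Pair: 104be720e1d867b2:c0eca158333c40f2
Health Cert: No

Main Mode SA at 08/28/2012 09:56:54
----------------------------------------------------------------------
Local IP Address: 2002:605a:eb18:8100:6c0f:ea06:290e:8d5f
Remote IP Address: 2002:605c:ed13::405a:cb13
Auth1: ComputerCert
Auth2: UserNTLM
MM Offer: None-AES128-SHA256
Cookie Pair: c7b2c6a91c6960:939e2534e2a3bd60
Health Cert: No
Ok.
'@

$lines = if (Get-Command netsh -ErrorAction SilentlyContinue) {
    netsh advfirewall monitor show mmsa   # needs an elevated session to see SAs
} else {
    $sample -split "`r?`n"
}
$sas = @($lines | ConvertFrom-MmsaOutput)
$sas | Format-Table Timestamp, Auth1, Auth2, 'Remote IP Address', 'Health Cert'
Get-MmsaSummary -Sa $sas | Format-Table -AutoSize
```

Run it in an elevated PowerShell on the DirectAccess client; without elevation netsh prints no SAs and the summary comes back empty. On the sample text the summary shows one UserKerb SA (user tunnel) and one UserNTLM SA (infrastructure tunnel), which is the expected pair. The summary cannot tell a live SA from one that is lingering after an ungraceful disconnect, so a count higher than two is not by itself a fault; compare the Timestamp values and re-run after a few minutes before drawing conclusions.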
-
Tuesday, August 28, 2012 8:30 AM
Great Thanks.
Do you know why, after disconnecting from the UAG server, we still see the tunnel under Main Mode?
Thanks for help.
-
Tuesday, August 28, 2012 7:05 PM
Hi
Technically, when your laptop gracefully disconnects, it sends a termination message to the UAG box. I suspect that in some situations, you just disconnect the wifi, kill the 3G app or put your computer into sleep mode. In these cases, the UAG box never receives the termination. In these cases, only a timeout will disconnect the IPSEC tunnel.
BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
-
Wednesday, August 29, 2012 3:37 AM
Thanks Benoit, and how much is the default timeout?
-
Wednesday, August 29, 2012 7:50 AM
Hi
I did not explore the IPSEC RFC but I suppose there's a kind of garbage collector process that kills inactive sessions that did not renew their main and quick mode association keys.
BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
-
Wednesday, August 29, 2012 7:47 PM
I also do not know what the timeouts are set to, but I do know from experience that sessions continue to show up for quite a while after disconnect. Especially if you are using the UAG Web Monitor, sessions that have terminated will sometimes hang out in there for an hour or more. Nobody that I have asked has ever been able to tell me exactly why it happens :)