Server 2008 not showing IPSec Security Associations in IPSec Monitor
Hi guys,

We have IPSec working fine in our win2003/xp environment. I take the same GPO and apply it to a win2008 server and it applies fine, and when I go into the IPSec monitor I see the correct active policy on the server, but I can never see any security associations as either encrypted or unencrypted. If I run a netstat -an I see the connections from the client exactly as they should be and the connections from the clients are working fine to that server. We run the same policies against a lot of Windows 2003 servers and they work fine and we can see the connections, etc. It just never shows up on the Windows 2008 box and I have refreshed and restarted the IPSec service, etc. Does anyone have any ideas on this? Do the firewalls have to be enabled or something like that for this to report correctly on the Windows 2008 side?

Thanks,
Dan

Dan Heim
April 16th, 2010 12:02am

I think ipsec only uses ports 50, 51, and 500. If those are open I think that's all you need. Can you test this on another 2008 server? You could always use a sniffer like wireshark to see if something fishy is happening as well.
April 16th, 2010 4:16pm

I know what ports ipsec uses and the netstat -an command is sufficient for seeing the connections so wireshark is not needed. These policies work great on Windows 2003 and we use them all the time, but for whatever reason are not applying to 2 different Windows 2008 servers.

Dan Heim
April 17th, 2010 12:00am

This topic is archived. No further replies will be accepted.
