RE: Remote Desktop Connection does not encrypt with ipsec

From: Vincent Xu [MSFT] (v-xuwen_at_online.microsoft.com)
Date: 08/25/05 

Date: Thu, 25 Aug 2005 11:46:45 GMT

Hello,

Based on my test and experience, Your configuration steps are correct. So
regarding this, please send me a scree shot to show the status on your
ipsecmon.

To take a screen shot:
---------------------
1) Press the Pr Scrn key once on the keyboard when the error message
appears.
2) Click Start, go to Run, enter MSPAINT in the open dialog box, and then
Click OK.
3) Use Ctrl + V to paste the screenshot to the canvas.
4) From the File menu, go to Save and save it as a JPG file.
5) Send the JPG file to me as an attachment.
My mailbox: v-xuwen@microsoft.com

To verify on the earch whether the data is encrypted, I suggest you use
netmon to trace the data.
Network Monitor:
=======================
1. To obtain a time-bombed version of Network Monitor, visit the following
Microsoft Web site:
ftp://ftp.microsoft.com/PSS/Tools/NetMon/NETMON2.ZIP
2. Download the netmon2.zip file. The password for that zip is "trace" (no
quotation marks).
3. Run the qfesetup.exe file to install Network Monitor on HSMain.

Please send me the capture data. And don't forget the source MAC and Desc
MAC.

Best regards,

Vincent Xu
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

--------------------
>>Thread-Topic: Remote Desktop Connection does not encrypt with ipsec
>>thread-index: AcWpTYOvY/isMYd6QP+TWjhgfrKSZw==
>>X-WBNR-Posting-Host: 212.79.172.242
>>From: "=?Utf-8?B?UmV4IEtyZW1lcg==?=" <rex@news.postalias>
>>Subject: Remote Desktop Connection does not encrypt with ipsec
>>Date: Thu, 25 Aug 2005 01:18:03 -0700
>>Lines: 28
>>Message-ID: <B94A3101-08C1-41E9-9986-21095901FA75@microsoft.com>
>>MIME-Version: 1.0
>>Content-Type: text/plain;
>> charset="Utf-8"
>>Content-Transfer-Encoding: 7bit
>>X-Newsreader: Microsoft CDO for Windows 2000
>>Content-Class: urn:content-classes:message
>>Importance: normal
>>Priority: normal
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>>Newsgroups: microsoft.public.win2000.security
>>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.win2000.security:14984
>>X-Tomcat-NG: microsoft.public.win2000.security
>>
>>Hi,
>>
>>I would like to encrypt the rdc connection for terminal services with an
>>ipsec connection to make it more secure.
>>
>>I have set up a Policy on the terminal server (request security) with an
ip
>>filter
>>my ip adress -> to any
>>tcp -> port 3389 to any
>>and the rule is mirrored.
>>It uses Kerberos Authentication.
>>The server is only a terminal server (Windows 2000) and not a domain
>>controller.
>>
>>I have configured the client (WIn XP) with the client respond only
security
>>policy.
>>When I am connecting from the client to the server ipsecmon shows no
>>encryption at all.
>>
>>For testing i have configured the policy on the server that all traffic
>>should be encypted and it works fine.
>>
>>What went wrong in my configuration?
>>
>>regards
>>
>>
>>
>>