IPsec is one of the most important technologies that you can use to secure your network. IPsec has been available in Windows since Windows 2000, but not as many networks admins use it as they should, mostly because IPsec is hard to configure and even harder to troubleshoot. Some of the configuration problems have been solved in Windows Server 2008 and Windows Vista, as the Advanced Windows Firewall included in these products make it much easier to configure and manage.
However, troubleshooting IPsec can and is a problem even for the most experienced Microsoft network admins and security administrators. There are a lot of moving parts in IPsec and getting just one of them wrong will whack your entire IPsec house of cards. Microsoft knows about this problem, and has provided you with a new tool, the Microsoft IPsec Diagnostic Tool.
Microsoft IPsec Diagnostic Tool checks for common network problems on the host machine and if found, suggests repair commands. Further, it collects IPsec policy information on the system and parses the IPsec logs to deduce why a failure might have happened. Beyond IPsec, it offers trace collection for VPN, NAP client, Windows Firewall, Group policy updates, Wireless and System events. The Diagnostic Report generated by the tool is conclusive and is derived from the system logs collected by the tool during its analysis phase. These logs are self sufficient to diagnose any network related issues. For further assistance, the logs can be shared with Network Administrators or Microsoft support.
Thomas W Shinder, M.D.
GET THE NEW BOOK! Go to http://tinyurl.com/2gpoo8
MVP - Microsoft Firewalls (ISA)