Troubleshooting network protocol security
Troubleshooting IP Security can be difficult. IPSec is a complex protocol that is designed so that attackers cannot get information about it. As a network administrator, you have some additional privileges that an attacker does not have, such as access to tools on each of the systems that are attempting to communicate, but troubleshooting IPSec and its policies can still be complex. Keep the following pointers in mind when troubleshooting IPSec:
Troubleshooting Methodology: when troubleshooting, you should always follow a logical, scientific process to solve the problem. Trial and error may be needed to solve some problems, but it must be done methodically and scientifically, not haphazardly. Good troubleshooting habits include creating a plan, making only one change at a time, and documenting the results.
IP Security Monitor Statistics: with IP Security Monitor, you can also compare statistics on each side of the connection. This can be useful to see exactly what types of IPSec failures are occurring and whether they occur in main mode or quick mode.
Event Logging: the Event Viewer Security log can be used to troubleshoot IP Security issues, but you may want to increase the auditing level to its maximum. This can be done with Netsh.
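The Netsh step and the per-side statistics comparison described above, as an added example that is not part of the original course text. It assumes the Windows Server 2003 `netsh ipsec dynamic` context, which the page does not name.

```powershell
# Added example; assumes the Windows Server 2003 "netsh ipsec dynamic" context.
# Run from an administrative prompt on BOTH peers so the results can be compared.

# 1. Record the current settings so they can be restored afterwards.
netsh ipsec dynamic show config

# 2. Raise IPSec driver diagnostic logging to its maximum (range 0-7, default 0).
#    Microsoft's netsh reference states that a restart is needed before a new
#    value takes effect.
netsh ipsec dynamic set config ipsecdiagnostics 7

# 3. Turn on IKE (Oakley) tracing; output is written to
#    %systemroot%\Debug\Oakley.log.
netsh ipsec dynamic set config ikelogging 1

# 4. Reproduce the failing connection, then capture the counters and the
#    security associations on each side. Main mode SAs with no matching
#    quick mode SAs point at a quick mode (policy/filter) problem; no main
#    mode SA at all points at authentication or IKE negotiation.
netsh ipsec dynamic show stats
netsh ipsec dynamic show mmsas all
netsh ipsec dynamic show qmsas all

# 5. Return logging to the values recorded in step 1 (0 is the default for
#    both) once the fault is understood, since verbose logging fills the logs.
netsh ipsec dynamic set config ikelogging 0
netsh ipsec dynamic set config ipsecdiagnostics 0
```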
DF9R 35:: Network Infrastructure 1: Implementation and Management (c) 2009 SQA