As stated in Chapter 11, the Microsoft Windows Server 2003 family provides the following tools to troubleshoot VPN connections:
Transmission Control Protocol/Internet Protocol (TCP/IP) troubleshooting tools
Authentication and account logging
Event logging
Internet Authentication Service (IAS) event logging
Point-to-Point Protocol (PPP) logging
Tracing
Oakley logging
Network Monitor
We covered these tools extensively in the previous chapter and won’t repeat their uses here. For more information about these tools, see Chapter 11.
One new tool you need to be aware of for site-to-site connections is the Unreachability Reason facility, which you can use to investigate a site-to-site VPN connection problem. When a demand-dial interface fails to make a connection, the interface is left in an unreachable state, and the Routing And Remote Access service records the reason the connection attempt failed in the Unreachability Reason facility. Checking it after a failed connection attempt can save you a lot of time and effort.
To view the unreachability reason:
1. From the console tree in the Routing And Remote Access snap-in, click Network Interfaces.
2. In the details pane, right-click the demand-dial interface, and then click Unreachability Reason.