For a detailed overview of how to enable Microsoft Windows debugging, see the Microsoft website. Currently, the following URL works:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_ipsec_tools.mspx
In essence, you want to enable Oakley.log
. This is the file where all IKE debugging information will end up. You need to add the following key to the Windows Registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PolicyAgent\Oakley\EnableLogging
and set it to the value 1. Then either reboot the machine, or just restart the IPsec IKE daemon using these commands at a command prompt:
net stop policyagent net start policyagent
If you are running Remote Access, you will also need to restart the Remote Access Service.
If you are using Windows XP SP2 or higher, and have installed ipseccmd.exe
from the Resource Kit, you can execute the following command to enable debugging:
ipseccmd set logike
To disable logging...