A readers asks whether it's possible to enable logging for IPSec. The answer is yes. To enable IPSec logging, perform the following registry change--but be careful--incorrect registry edits can lead to a non-bootable system:

Start the Registry Editor (regedit.exe) and move to the following registry area:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent

From the Edit menu select New, then Key, and then define the key name as "Oakley" without the quotes. Next, select the newly created Oakley key and then select New, DWORD Value from the Edit menu. Enter the DWORD name as "EnableLogging" without the quotes and set its value to 1. Once the definitions are complete, restart the PolicyAgent service so that the changes take affect. Keep in mind that the logs will be written to the %systemroot%\debug\oakley.log file