The Diagnostic Report generated by the tool is conclusive and is derived from the system logs collected by the tool during its analysis phase. These logs are self sufficient to diagnose any network related issues. For further assistance, the logs would require to be shared with Network Administrators or Microsoft support.
The tool offers two modes of functionality, Local and Remote Mode:
In local mode, the tool needs to be run on the system under investigation and can also be used for live troubleshooting. It also collects system information required to diagnose network issues. IPSec and related information is further parsed and analyzed to arrive at possible triggers of the failure. All logs and data collected are put into a CAB file.
Remote mode offers failure diagnosis through IPSec logs. In this mode, the tool parses Oakley (Windows XP, Windows Server 2003), IKE (Windows Vista and above) logs, output of IPSec dump from Netsh and ipseccmd logs. This mode offers the flexibility to run the tool on a machine other than the one under investigation. Another input to the tool in this mode is the IP Address of the remote machine to which connectivity fails.
The main difference between Local Mode and Remote Mode is that Local is used for Diagnostic and Remote is used for offline analysis of logs that are collected. Local Mode works on Windows Vista and above. Remote Mode works on Oakley, Netsh, ipseccmd and IKE logs (Vista) to diagnose failures.
Download Microsoft IPsec Diagnostic Tool from here