This should help you out when you have those weird "network" issues going on with some clients where IPSEC is deployed.
Description from KB:
You can use the Microsoft IPsec Diagnostic Tool to check for common network problems on the host computer. When problems are found, the tool suggests appropriate repair commands. The tool also collects IPsec policy information on the computer, and it parses the IPsec logs to determine the reasons for network failures. Additionally, you can use this tool for collecting traces of VPN connections and for collecting information about NAT clients, about Windows Firewall configuration, about Group Policy updates, about Wireless events, and about System events.
This diagnostic report that is generated by this tool is derived from the system logs that are collected by the tool during its analysis phase. Therefore, this report is conclusive. The information in these logs is sufficient to diagnose any network-related issues. For assisted support, you may have to share the logs with network administrators or with Microsoft Support. For more assistance, see the Help feature that is included with the tool.