- 3 views
Exam
Answer needs confirmation
Question
You have an on-premises network and an Azure virtual network.
You establish a Site-to-Site VPN connection from the on-premises network to the Azure virtual network, but the connection frequently disconnects.
You need to debug the IPsec tunnel from Azure.
Which Azure VPN Gateway diagnostic log should you review?
Proposed answer
- A. GatewayDiagnosticLog
- B. RouteDiagnosticLog
- C. IKEDiagnosticLog
- D. TunnelDiagnosticLog
Suggested answer
C (58%)
D (42%)
xxxxx85xx
Highly Voted 2 years, 9 months ago
Correct Answer "TunnelDiagnosticLog Contains tunnel state change events. Tunnel connect/disconnect events have a summarized reason for the state change if applicable."
upvoted 8 times
syu31svc
Highly Voted 1 year, 9 months ago
Selected Answer: C
I choose option C The IKEDiagnosticLog table offers verbose debug logging for IKE/IPsec. This is very useful to review when troubleshooting disconnections, or failure to connect VPN scenarios.
upvoted 5 times
raulgar
1 year, 8 months ago
Yeah, it looks C https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-setup-alerts-virtual-network-gateway-log
upvoted 1 times
starseed
Most Recent 4 months, 2 weeks ago
D. TunnelDiagnosticLog
upvoted 2 times
smorar
7 months, 3 weeks ago
Selected Answer: C
The TunnelDiagnosticLog is useful to troubleshoot past events about unexpected VPN disconnections. Its lightweight nature offers the possibility to analyze large time ranges over several days with little effort. Only after you identify the timestamp of a disconnection, you can switch to the more detailed analysis of the IKEdiagnosticLog table to dig deeper into the reasoning of the disconnections shall those be IPsec related. You need to debug the IPsec tunnel from Azure. Option C. https://learn.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics
upvoted 1 times
ahenriquez02
8 months, 2 weeks ago
Answer is D TunnelDiagnosticLog: Contains tunnel state change events. Tunnel connect or disconnect events have a summarized reason for the state change if applicable.
upvoted 1 times
mohamed1999
8 months, 2 weeks ago
Selected Answer: D
TunnelDiagnosticLog Contains tunnel state change events. Tunnel connect/disconnect events have a summarized reason for the state change if applicable. https://learn.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics
upvoted 2 times
004b54b
8 months, 3 weeks ago
Selected Answer: D
As explained by several ppl below, TunnelDiagnosticLog is the first step if we don't want to miss anything and going ahead too quickly in a wrong direction
upvoted 1 times
SanMan_NZ
11 months ago
Selected Answer: D
D is correct as per the below link (TunnelDiagnosticLog section). This article infers that the TunnelDiagnosticLog is your 1st stop diagnostic. Armed with these facts one would then move to the IKEdiagnosticLog to drill down further into the issue. https://learn.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics
upvoted 2 times
[Removed]
1 year, 2 months ago
The Azure VPN Gateway diagnostic log that should be reviewed to debug the IPsec tunnel from Azure is: Option C. IKEDiagnosticLog This log specifically contains information about Internet Key Exchange (IKE), which is a fundamental part of setting up the IPsec tunnel for a Site-to-Site VPN connection. Reviewing the IKEDiagnosticLog can provide insights into the issues causing the frequent disconnections.
upvoted 1 times
ala76nl
1 year, 6 months ago
D, Yes, that's correct. Starting with the TunnelDiagnosticLog is a good approach because it gives a broader, higher-level view of the connectivity statuses over time. This can help identify patterns or specific instances when the disconnects occur. This is beneficial because it could help to isolate whether the disconnects are happening at specific times, or under specific conditions, which can be extremely useful information for troubleshooting. Once the time of a disconnection has been identified, then you can use the IKEDiagnosticLog to delve into the details of the IPsec protocol at the time of disconnection. This log will provide more specific information about the negotiation between the two ends of the tunnel and can help pinpoint the exact reason for the disconnection, especially if the issue is related to IPsec. Therefore, while it may seem more efficient to directly dive into the detailed IKEDiagnosticLog, beginning with the TunnelDiagnosticLog can provide valuable context and help to streamline the troubleshooting process.
upvoted 2 times
wyvern8888
1 year, 6 months ago
Answer is D. You can review the GatewayDiagnosticLog for Azure VPN Gateway diagnostics to troubleshoot the IPsec tunnel from Azure. This log contains diagnostic logs for gateway configuration events, primary changes, and maintenance events. It also contains resource logs for gateway configuration events, primary changes, and maintenance events1. You can follow this procedure to learn how to set up diagnostic log events from Azure VPN Gateway using Azure Log Analytics1: Create a Log Analytics Workspace using this article. Find your VPN gateway on the Monitor > Diagnostics settings blade. Select the gateway and click on “Add Diagnostic Setting”.
upvoted 1 times
arnitjoe
1 year, 8 months ago
Selected Answer: C
"The TunnelDiagnosticLog is very useful to troubleshoot past events about unexpected VPN disconnections. Its lightweight nature offers the possibility to analyze large time ranges over several days with little effort. Only after you identify the timestamp of a disconnection, you can switch to the more detailed analysis of the IKEdiagnosticLog table to dig deeper into the reasoning of the disconnections shall those be IPsec related."
upvoted 1 times
King_Laps
2 years, 5 months ago
the answer is correct.
upvoted 2 times