Event ID: 4650

An IPsec main mode security association was established

An IPsec main mode security association was established. Extended mode was not enabled.  Certificate authentication was not used.

Local Endpoint:
    Principal Name:     %1
    Network Address:    %3
    Keying Module Port: %4

Remote Endpoint:
    Principal Name:     %2
    Network Address:    %5
    Keying Module Port: %6

Security Association Information:
    Lifetime (minutes): %12
    Quick Mode Limit:   %13
    Main Mode SA ID:    %17

Cryptographic Information:
    Cipher Algorithm:   %9
    Integrity Algorithm:    %10
    Diffie-Hellman Group:   %11

Additional Information:
    Keying Module Name:     %7
    Authentication Method:  %8
    Role:                   %14
    Impersonation State:    %15
    Main Mode Filter ID:    %16
Microsoft Documentation

Event ID - 4650





Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"IPsec Main Mode"
How to enable Windows Auditing



LEFT/RIGHT arrow keys for navigation

Back to List