Event ID 4650

An IPsec main mode security association was established

An IPsec main mode security association was established. Extended mode was not enabled.  Certificate authentication was not used.

Local Endpoint:
    Principal Name:     %1
    Network Address:    %3
    Keying Module Port: %4

Remote Endpoint:
    Principal Name:     %2
    Network Address:    %5
    Keying Module Port: %6

Security Association Information:
    Lifetime (minutes): %12
    Quick Mode Limit:   %13
    Main Mode SA ID:    %17

Cryptographic Information:
    Cipher Algorithm:   %9
    Integrity Algorithm:    %10
    Diffie-Hellman Group:   %11

Additional Information:
    Keying Module Name:     %7
    Authentication Method:  %8
    Role:                   %14
    Impersonation State:    %15
    Main Mode Filter ID:    %16

Microsoft Documentation

Event ID - 4650

Lookup Audit Policy Configuration Settings


  C:\> AuditPol.exe /get  /subcategory:"IPsec Main Mode"

How to enable Windows Auditing

Recommended Audit Policy

Operating Systems:

Windows Vista Windows 2008 Windows 7 Windows 2008 R2 Windows 8 Windows 2012 Windows 8.1 Windows 2012 R2 Windows 10 Windows 2016 Windows 2019 Windows 7 Windows 2022

Tags:

Audit Success

Audit Category:

Logon/Logoff

Audit Subcategory:

IPsec Main Mode

LEFT/RIGHT arrow keys for navigation

Back to List