Event ID: 4651

An IPsec main mode security association was established

An IPsec main mode security association was established. Extended mode was not enabled.  A certificate was used for authentication.

Local Endpoint:
    Principal Name:     %1
    Network Address:    %9
    Keying Module Port: %10

Local Certificate:
    SHA Thumbprint:     %2
    Issuing CA:         %3
    Root CA:            %4

Remote Endpoint:
    Principal Name:     %5
    Network Address:    %11
    Keying Module Port: %12

Remote Certificate:
    SHA thumbprint:     %6
    Issuing CA:         %7
    Root CA:            %8

Cryptographic Information:
    Cipher Algorithm:       %15
    Integrity Algorithm:    %16
    Diffie-Hellman Group:   %17

Security Association Information:
    Lifetime (minutes): %18
    Quick Mode Limit:   %19
    Main Mode SA ID:    %23

Additional Information:
    Keying Module Name:     %13
    Authentication Method:  %14
    Role:                   %20
    Impersonation State:    %21
    Main Mode Filter ID:    %22
Microsoft Documentation

Event ID - 4651





Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"IPsec Main Mode"
How to enable Windows Auditing



LEFT/RIGHT arrow keys for navigation

Back to List