Event ID: 4963

IPsec dropped an inbound clear text packet that should have been secured

IPsec dropped an inbound clear text packet that should have been secured. If the remote computer is configured with a Request Outbound IPsec policy, this might be benign and expected.  This can also be caused by the remote computer changing its IPsec policy without informing this computer. This could also be a spoofing attack attempt.

Remote Network Address: %1
Inbound SA SPI:     %2



Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"IPsec Driver"
How to enable Windows Auditing



LEFT/RIGHT arrow keys for navigation

Back to List