Event ID: 4980

IPsec main mode and extended mode security associations were established

IPsec main mode and extended mode security associations were established.

Main Mode Local Endpoint:
    Principal Name:     %1
    Network Address:    %3
    Keying Module Port: %4

Main Mode Remote Endpoint:
    Principal Name: %2
    Network Address:    %5
    Keying Module Port: %6

Main Mode Cryptographic Information:
    Cipher Algorithm:   %8
    Integrity Algorithm:    %9
    Diffie-Hellman Group:   %10

Main Mode Security Association:
    Lifetime (minutes): %11
    Quick Mode Limit:   %12
    Main Mode SA ID:    %16

Main Mode Additional Information:
    Keying Module Name: AuthIP
    Authentication Method:  %7
    Role:           %13
    Impersonation State:    %14
    Main Mode Filter ID:    %15

Extended Mode Local Endpoint:
    Principal Name: %17
    Certificate SHA Thumbprint: %18
    Certificate Issuing CA: %19
    Certificate Root CA:    %20

Extended Mode Remote Endpoint:
    Principal Name: %21
    Certificate SHA Thumbprint: %22
    Certificate Issuing CA: %23
    Certificate Root CA:    %24

Extended Mode Additional Information:
    Authentication Method:  SSL
    Impersonation State:    %25
    Quick Mode Filter ID:   %26



Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"IPsec Extended Mode"
How to enable Windows Auditing



LEFT/RIGHT arrow keys for navigation

Back to List