Event ID: 4980

IPsec main mode and extended mode security associations were established

IPsec main mode and extended mode security associations were established.

Main Mode Local Endpoint:
    Principal Name:     %1
    Network Address:    %3
    Keying Module Port: %4

Main Mode Remote Endpoint:
    Principal Name: %2
    Network Address:    %5
    Keying Module Port: %6

Main Mode Cryptographic Information:
    Cipher Algorithm:   %8
    Integrity Algorithm:    %9
    Diffie-Hellman Group:   %10

Main Mode Security Association:
    Lifetime (minutes): %11
    Quick Mode Limit:   %12
    Main Mode SA ID:    %16

Main Mode Additional Information:
    Keying Module Name: AuthIP
    Authentication Method:  %7
    Role:           %13
    Impersonation State:    %14
    Main Mode Filter ID:    %15

Extended Mode Local Endpoint:
    Principal Name: %17
    Certificate SHA Thumbprint: %18
    Certificate Issuing CA: %19
    Certificate Root CA:    %20

Extended Mode Remote Endpoint:
    Principal Name: %21
    Certificate SHA Thumbprint: %22
    Certificate Issuing CA: %23
    Certificate Root CA:    %24

Extended Mode Additional Information:
    Authentication Method:  SSL
    Impersonation State:    %25
    Quick Mode Filter ID:   %26

Lookup Audit Policy Configuration Settings


  C:\> AuditPol.exe /get  /subcategory:"IPsec Extended Mode"

How to enable Windows Auditing

Recommended Audit Policy

Operating Systems:

Windows Vista Windows 2008 Windows 2008 R2 Windows 7 Windows 2012 Windows 2012 R2 Windows 8 Windows 8.1 Windows 10 Windows 2016 Windows 2019 Windows 11 Windows 2022

Audit Category:

Logon/Logoff

Audit Subcategory:

IPsec Extended Mode

LEFT/RIGHT arrow keys for navigation

Back to List