Event ID 4981

IPsec main mode and extended mode security associations were established

IPsec main mode and extended mode security associations were established.

Local Endpoint:
    Principal Name:     %1
    Network Address:    %9
    Keying Module Port: %10

Local Certificate:
    SHA Thumbprint: %2
    Issuing CA:     %3
    Root CA:        %4

Remote Endpoint:
    Principal Name:     %5
    Network Address:    %11
    Keying Module Port: %12

Remote Certificate:
    SHA Thumbprint: %6
    Issuing CA:     %7
    Root CA:        %8

Cryptographic Information:
    Cipher Algorithm:   %13
    Integrity Algorithm:    %14
    Diffie-Hellman Group:   %15

Security Association Information:
    Lifetime (minutes): %16
    Quick Mode Limit:   %17
    Main Mode SA ID:    %21

Additional Information:
    Keying Module Name: AuthIP
    Authentication Method:  SSL
    Role:           %18
    Impersonation State:    %19
    Main Mode Filter ID:    %20

Extended Mode Information:
    Local Principal Name:   %22
    Remote Principal Name:  %23
    Authentication Method:  %24
    Impersonation State:    %25
    Quick Mode Filter ID:   %26

Lookup Audit Policy Configuration Settings


  C:\> AuditPol.exe /get  /subcategory:"IPsec Extended Mode"

How to enable Windows Auditing

Recommended Audit Policy

Operating Systems:

Windows Vista Windows 2008 Windows 2008 R2 Windows 7 Windows 2012 Windows 2012 R2 Windows 8 Windows 8.1 Windows 10 Windows 2016 Windows 2019 Windows 11 Windows 2022

Audit Category:

Logon/Logoff

Audit Subcategory:

IPsec Extended Mode

LEFT/RIGHT arrow keys for navigation

Back to List