Event ID: 4982

IPsec main mode and extended mode security associations were established

IPsec main mode and extended mode security associations were established.

Local Endpoint:
    Principal Name:     %1
    Network Address:    
    Keying Module Port: %9

Local Certificate:
    SHA Thumbprint: %2
    Issuing CA:     %3
    Root CA:        %4

Remote Endpoint:
    Principal Name:     %5
    Network Address:    %10
    Keying Module Port: %11

Remote Certificate:
    SHA Thumbprint: %6
    Issuing CA:     %7
    Root CA:        %8

Cryptographic Information:
    Cipher Algorithm:   %12
    Integrity Algorithm:    %13
    Diffie-Hellman Group:   %14

Security Association Information:
    Lifetime (minutes): %15
    Quick Mode Limit:   %16
    Main Mode SA ID:    %20

Additional Information:
    Keying Module Name: AuthIP
    Authentication Method:  SSL
    Role:           %17
    Impersonation State:    %18
    Main Mode Filter ID:    %19

Extended Mode Local Endpoint:
    Principal Name:     %21
    Certificate SHA Thumbprint: %22
    Certificate Issuing CA: %23
    Certificate Root CA:    %24

Extended Mode Remote Endpoint:
    Principal Name:     %25
    Certificate SHA Thumbprint: %26
    Certificate Issuing CA: %27
    Certificate Root CA:    %28
Extended Mode Additional Information:
    Authentication Method:  SSL
    Impersonation State:    %29
    Quick Mode Filter ID:   %30



Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"IPsec Extended Mode"
How to enable Windows Auditing



LEFT/RIGHT arrow keys for navigation

Back to List