Event ID: 4982

IPsec main mode and extended mode security associations were established

IPsec main mode and extended mode security associations were established.

Local Endpoint:
    Principal Name:     %1
    Network Address:    
    Keying Module Port: %9

Local Certificate:
    SHA Thumbprint: %2
    Issuing CA:     %3
    Root CA:        %4

Remote Endpoint:
    Principal Name:     %5
    Network Address:    %10
    Keying Module Port: %11

Remote Certificate:
    SHA Thumbprint: %6
    Issuing CA:     %7
    Root CA:        %8

Cryptographic Information:
    Cipher Algorithm:   %12
    Integrity Algorithm:    %13
    Diffie-Hellman Group:   %14

Security Association Information:
    Lifetime (minutes): %15
    Quick Mode Limit:   %16
    Main Mode SA ID:    %20

Additional Information:
    Keying Module Name: AuthIP
    Authentication Method:  SSL
    Role:           %17
    Impersonation State:    %18
    Main Mode Filter ID:    %19

Extended Mode Local Endpoint:
    Principal Name:     %21
    Certificate SHA Thumbprint: %22
    Certificate Issuing CA: %23
    Certificate Root CA:    %24

Extended Mode Remote Endpoint:
    Principal Name:     %25
    Certificate SHA Thumbprint: %26
    Certificate Issuing CA: %27
    Certificate Root CA:    %28
Extended Mode Additional Information:
    Authentication Method:  SSL
    Impersonation State:    %29
    Quick Mode Filter ID:   %30

Lookup Audit Policy Configuration Settings


  C:\> AuditPol.exe /get  /subcategory:"IPsec Extended Mode"

How to enable Windows Auditing

Recommended Audit Policy

Operating Systems:

Windows Vista Windows 2008 Windows 2008 R2 Windows 7 Windows 2012 Windows 2012 R2 Windows 8 Windows 8.1 Windows 10 Windows 2016 Windows 2019 Windows 11 Windows 2022

Audit Category:

Logon/Logoff

Audit Subcategory:

IPsec Extended Mode

LEFT/RIGHT arrow keys for navigation

Back to List