Event ID 5451

An IPsec quick mode security association was established.

An IPsec quick mode security association was established.

Local Endpoint:
    Network Address:    %1
    Network Address mask:   %2
    Port:           %3
    Tunnel Endpoint:        %4

Remote Endpoint:
    Network Address:    %5
    Network Address Mask:   %6
    Port:           %7
    Private Address:        %8
    Tunnel Endpoint:        %9

    Protocol:       %10
    Keying Module Name: %11

Cryptographic Information:
    Integrity Algorithm - AH:   %12
    Integrity Algorithm - ESP:  %13
    Encryption Algorithm:   %14

Security Association Information:
    Lifetime - seconds: %15
    Lifetime - data:        %16
    Lifetime - packets: %17
    Mode:           %18
    Role:           %19
    Quick Mode Filter ID:   %20
    Main Mode SA ID:    %21
    Quick Mode SA ID:   %22

Additional Information:
    Inbound SPI:        %23
    Outbound SPI:       %24

Lookup Audit Policy Configuration Settings


  C:\> AuditPol.exe /get  /subcategory:"IPsec Quick Mode"

How to enable Windows Auditing

Recommended Audit Policy

Operating Systems:

Windows Vista Windows 2008 Windows 2008 R2 Windows 7 Windows 2012 Windows 2012 R2 Windows 8 Windows 8.1 Windows 10 Windows 2016 Windows 2019 Windows 11 Windows 2022

Audit Category:

Logon/Logoff

Audit Subcategory:

IPsec Quick Mode

LEFT/RIGHT arrow keys for navigation

Back to List