Event ID 5452

An IPsec quick mode security association ended.

An IPsec quick mode security association ended.

Local Endpoint:
    Network Address:    %1
    Port:           %2
    Tunnel Endpoint:        %3

Remote Endpoint:
    Network Address:    %4
    Port:           %5
    Tunnel Endpoint:        %6

Additional Information:
    Protocol:       %7
    Quick Mode SA ID:   %8

Lookup Audit Policy Configuration Settings


  C:\> AuditPol.exe /get  /subcategory:"IPsec Quick Mode"

How to enable Windows Auditing

Recommended Audit Policy

Operating Systems:

Windows Vista Windows 2008 Windows 2008 R2 Windows 7 Windows 2012 Windows 2012 R2 Windows 8 Windows 8.1 Windows 10 Windows 2016 Windows 2019 Windows 11 Windows 2022

Audit Category:

Logon/Logoff

Audit Subcategory:

IPsec Quick Mode

LEFT/RIGHT arrow keys for navigation

Back to List