Event ID - 4981

Event Id4981
SourceMicrosoft-Windows-Security-Auditing
DescriptionIPsec Main Mode and Extended Mode security associations were established.

Local Endpoint:
      Principal Name: <Principal Name>
      Network Address: <Network Address>
      Keying Module Port: <Keying Module Port>     

Local Certificate:
      SHA Thumbprint: <SHA Thumbprint>
      Issuing CA: <Issuing CA>
      Root CA: <Root CA>     

Remote Endpoint:
      Principal Name: <Principal Name>
      Network Address: <Network Address>
      Keying Module Port: <Keying Module Port>     

Remote Certificate:
      SHA Thumbprint: <SHA Thumbprint>
      Issuing CA: <Issuing CA>
      Root CA: <Root CA>     

Cryptographic Information:
      Cipher Algorithm: <Cipher Algorithm>
      Integrity Algorithm: <Integrity Algorithm>
      Diffie-Hellman Group: <Diffie-Hellman Group>     

Security Association Information:
      Lifetime (minutes): <Lifetime>
      Quick Mode Limit: <Quick Mode Limit>
      Main Mode SA ID: <Main Mode SA ID>     

Additional Information:
      Keying Module Name: <Keying Module Name>
      Authentication Method: <Authentication Method>
      Role: <Role>
      Impersonation State:<Impersonation State>
      Main Mode Filter ID: <Main Mode Filter ID>     

Extended Mode Information:
      Local Principal Name: <Local Principal Name>
      Remote Principal Name: <Remote Principal Name>
      Authentication Method: <Authentication Method>
      Impersonation State:<Impersonation State>
      Quick Mode Filter ID: <Quick Mode Filter ID>     

Event InformationCause :
This event is logged when IPsec main mode and extended mode security association were established.
Reference Links

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.