| Event Id | 4980 |
| Source | Microsoft-Windows-Security-Auditing |
| Description | IPsec Main Mode and Extended Mode security associations were established. Main Mode Local Endpoint: Principal Name: <Principal Name> Network Address:<Network Address> Keying Module Port:<Keying Module Port> Main Mode Remote Endpoint: Principal Name: <Principal Name> Network Address: <Network Address> Keying Module Port: <Keying Module Port> Main Mode Cryptographic Information: Cipher Algorithm: <Cipher Algorithm> Integrity Algorithm: <Integrity Algorithm> Diffie-Hellman Group: <Diffie-Hellman Group> Main Mode Security Association: Lifetime (minutes): <Lifetime> Quick Mode Limit: <Quick Mode Limit> Main Mode SA ID: <Main Mode SA ID> Main Mode Additional Information: Keying Module Name: <Keying Module Name> Authentication Method: <Authentication Method> Role:<Role> Impersonation State: <Impersonation State> Main Mode Filter ID: <Main Mode Filter ID> Extended Mode Local Endpoint: Principal Name: <Principal Name> Certificate SHA Thumbprint: <Certificate SHA Thumbprint> Certificate Issuing CA: <Certificate Issuing CA> Certificate Root CA: <Certificate Root CA> Extended Mode Remote Endpoint: Principal Name: <Principal Name> Certificate SHA Thumbprint: <Certificate SHA Thumbprint> Certificate Issuing CA: <Certificate Issuing CA> Certificate Root CA: <Certificate Root CA> Extended Mode Additional Information: Authentication Method: <Authentication Method> Impersonation State:<Impersonation State> Quick Mode Filter ID: <Quick Mode Filter ID> |
| Event Information | Cause : This event is logged when an IPsec Main mode and extended mode security association were established. |
| Reference Links |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.