Windows Security Log Event ID 4980
Operating Systems |
Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
|
Category • Subcategory | Logon/Logoff • IPsec Main Mode |
Type
|
Success
|
Corresponding events
in Windows
2003 and before |
|
4980: IPsec Main Mode and Extended Mode security associations were established
On this page
I haven't been able to produce this event. Have you? If so, please start a discussion (see above) and post a sample along with any comments you may have! Don't forget to sanitize any private information.
Free Security Log Resources by Randy
Supercharger Free Edition
Your entire Windows Event Collection environment on a single pane of glass.
Free.
IPsec Main Mode and Extended Mode security associations were established.
Main Mode Local Endpoint:
Principal Name: %1
Network Address: %3
Keying Module Port: %4
Main Mode Remote Endpoint:
Principal Name: %2
Network Address: %5
Keying Module Port: %6
Main Mode Cryptographic Information:
Cipher Algorithm: %8
Integrity Algorithm: %9
Diffie-Hellman Group: %10
Main Mode Security Association:
Lifetime (minutes): %11
Quick Mode Limit: %12
Main Mode SA ID: %16
Main Mode Additional Information:
Keying Module Name: AuthIP
Authentication Method: %7
Role: %13
Impersonation State: %14
Main Mode Filter ID: %15
Extended Mode Local Endpoint:
Principal Name: %17
Certificate SHA Thumbprint: %18
Certificate Issuing CA: %19
Certificate Root CA: %20
Extended Mode Remote Endpoint:
Principal Name: %21
Certificate SHA Thumbprint: %22
Certificate Issuing CA: %23
Certificate Root CA: %24
Extended Mode Additional Information:
Authentication Method: SSL
Impersonation State: %25
Quick Mode Filter ID: %26
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection