4980: IPsec Main Mode and Extended Mode security associations were established
I haven't been able to produce this event. Have you? If so, please start a discussion (see above) and post a sample along with any comments you may have! Don't forget to sanitize any private information.
IPsec Main Mode and Extended Mode security associations were established.

Main Mode Local Endpoint:
    Principal Name: %1
    Network Address: %3
    Keying Module Port: %4

Main Mode Remote Endpoint:
    Principal Name: %2
    Network Address: %5
    Keying Module Port: %6

Main Mode Cryptographic Information:
    Cipher Algorithm: %8
    Integrity Algorithm: %9
    Diffie-Hellman Group: %10

Main Mode Security Association:
    Lifetime (minutes): %11
    Quick Mode Limit: %12
    Main Mode SA ID: %16

Main Mode Additional Information:
    Keying Module Name: AuthIP
    Authentication Method: %7
    Role: %13
    Impersonation State: %14
    Main Mode Filter ID: %15

Extended Mode Local Endpoint:
    Principal Name: %17
    Certificate SHA Thumbprint: %18
    Certificate Issuing CA: %19
    Certificate Root CA: %20

Extended Mode Remote Endpoint:
    Principal Name: %21
    Certificate SHA Thumbprint: %22
    Certificate Issuing CA: %23
    Certificate Root CA: %24

Extended Mode Additional Information:
    Authentication Method: SSL
    Impersonation State: %25
    Quick Mode Filter ID: %26