Windows Security Log Event ID 4980

Operating Systems Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019
Category
 • Subcategory
Logon/Logoff
 • IPsec Main Mode
Type Success
Corresponding events
in Windows 2003
and before
 
Discussions on Event ID 4980
Ask a question about this event

4980: IPsec Main Mode and Extended Mode security associations were established

On this page

I haven't been able to produce this event. Have you? If so, please start a discussion (see above) and post a sample along with any comments you may have! Don't forget to sanitize any private information.

Free Security Log Resources by Randy

Supercharger Free Edition


Supercharger's built-in Xpath filters leave the noise behind.

Free.

 

Examples of 4980

IPsec Main Mode and Extended Mode security associations were established.

Main Mode Local Endpoint:

Principal Name:  %1
Network Address: %3
Keying Module Port: %4

Main Mode Remote Endpoint:

Principal Name: %2
Network Address: %5
Keying Module Port: %6

Main Mode Cryptographic Information:

Cipher Algorithm: %8
Integrity Algorithm: %9
Diffie-Hellman Group: %10

Main Mode Security Association:

Lifetime (minutes): %11
Quick Mode Limit: %12
Main Mode SA ID: %16

Main Mode Additional Information:

Keying Module Name: AuthIP
Authentication Method: %7
Role:   %13
Impersonation State: %14
Main Mode Filter ID: %15

Extended Mode Local Endpoint:

Principal Name: %17
Certificate SHA Thumbprint: %18
Certificate Issuing CA: %19
Certificate Root CA: %20

Extended Mode Remote Endpoint:

Principal Name: %21
Certificate SHA Thumbprint: %22
Certificate Issuing CA: %23
Certificate Root CA: %24

Extended Mode Additional Information:

Authentication Method: SSL
Impersonation State: %25
Quick Mode Filter ID: %26

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



 

Additional Resources