WinSecWiki > Security Settings > Local Policies > Audit Policy > Audit Logon > IPsec Main

IPsec Main Mode

IPSec is an IP protocol that provides authentication, integrity and optionally encryption at the packet level. This subcategory records all IPSec main mode events. Why is this subcategory under Logon/Logoff? Your guess is as good as mine.

There are additional subcategories for quick mode and extended mode as well as the IPSec driver itself. You can only configure this category using auditpol.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event ID	Title
4650	An IPsec Main Mode security association was established
4651	An IPsec Main Mode security association was established
4652	An IPsec Main Mode negotiation failed
4653	An IPsec Main Mode negotiation failed
4655	An IPsec Main Mode security association ended
4976	During Main Mode negotiation, IPsec received an invalid negotiation packet.
4979	DIPsec Main Mode and Extended Mode security associations were established.
4980	IPsec Main Mode and Extended Mode security associations were established.
4981	IPsec Main Mode and Extended Mode security associations were established.
4982	IPsec Main Mode and Extended Mode security associations were established.
4983	An IPsec Extended Mode negotiation failed.
4984	An IPsec Extended Mode negotiation failed.

Back to top

 

Upcoming Webinars Anatomy of a Cloud Hack: The Cloudflare/Okta Compromise – A Story of Tokens, Lateral Movement, Persistence and the Salvation of Zero Trust and Hard MFA Tokens

Additional Resources