Audit IPsec Quick Mode
Applies To: Windows 7, Windows Server 2008 R2
This security policy setting determines whether the operating system generates audit events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.
Event volume: High
Default: Not configured
If this policy setting is configured, the following events are generated. The events appear on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.
Event ID | Event message |
---|---|
4977 |
During Quick Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation. |
5451 |
An IPsec Quick Mode security association was established. |
5452 |
An IPsec Quick Mode security association ended. |