Audit IPsec Quick Mode

This security policy setting determines whether the operating system generates audit events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.

Event volume: High

If this policy setting is configured, the following events are generated. The events appear on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.

  • 4977: During Quick Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.
  • 5451: An IPsec Quick Mode security association was established.
  • 5452: An IPsec Quick Mode security association ended.

Scope: 

Computer

Default: 

Not configured

Related content