Audit IPsec Quick Mode

Applies to

  • Windows 10
  • Windows Server 2016

Audit IPsec Quick Mode allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.

Audit IPsec Quick Mode subcategory is out of scope of this document, because this subcategory is mainly used for IPsec Quick Mode troubleshooting.

Computer Type General Success General Failure Stronger Success Stronger Failure Comments
Domain Controller IF IF IF IF IF - This subcategory is mainly used for IPsec Quick Mode troubleshooting, or for tracing or monitoring IPsec Quick Mode operations.
Member Server IF IF IF IF IF - This subcategory is mainly used for IPsec Quick Mode troubleshooting, or for tracing or monitoring IPsec Quick Mode operations.
Workstation IF IF IF IF IF - This subcategory is mainly used for IPsec Quick Mode troubleshooting, or for tracing or monitoring IPsec Quick Mode operations.

4977: During Quick Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.

5451: An IPsec Quick Mode security association was established.

5452: An IPsec Quick Mode security association ended.