IKE security association established. Mode: %1 Peer Identity: %2 Filter: %3 Parameters: %4

Details
Product: Windows Operating System
Event ID: 541
Source: Security
Version: 5.0
Component: Security Event Log
Symbolic Name: SE_AUDITID_IPSEC_LOGON_SUCCESS
Message: IKE security association established. Mode: %1 Peer Identity: %2 Filter: %3 Parameters: %4
   
Explanation

If IP Security returns (Mode == Key Exchange (Main mode)), this means that the peer has successfully authenticated, and the Key Exchange security association is established. If the value returned is (Mode == Data Protect (Quick mode)), this means that a Data Protection security association over the given filter has been established.

   
User Action

The main purpose of the success security audits is to track an attacker after the fact.

Related:

Leave a Reply