Event ID 4655 – An IPsec Main Mode Security Association Ended
Event ID | 4655 |
Category | Logon/Logoff |
Sub-Category | Audit IPsec Main Mode |
Description | An IPsec Main Mode security association ended. |
Events generated by the Authenticated Internet Protocol (AuthIP) and the Internet Key Exchange protocol (IKE) during Main Mode negotiations are audited by the codes which fall under Audit IPsec Main Mode subcategory. Event 4655 falls under this category.
Example of 4655 log:
An IPsec QUick Mode negotiation failed.
Local Network Address: %1
Remote Network Address: %2
Keying Module Name: %3
Main Mode SA ID: %4
Why does event ID 4655 need to be monitored?
- Security events which fall under the Audit IPsec Main Mode subcategory are monitored primarily for IPsec Main Mode troubleshooting.
Pro Tip:
With in-depth reports, real-time alerts, and graphical displays, ADAudit Plus tracks all IPsec security associations, helping you meet your security, operational, and compliance needs with absolute ease.
Event 4655 applies to the following operating systems:
- Windows 10
- Windows Server 2016
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools