Event ID 5452 – An IPsec Quick Mode Security Association Ended
Event ID | 5452 |
Category | Logon/Logoff |
Sub-Category | Audit IPsec Quick Mode |
Description | An IPsec Quick Mode security association ended. |
Example of 5452 log:
An IPsec Quick Mode security association ended.
Local Endpoint:
Network Address: %1
Port: %2
Tunnel Endpoint: %3
Remote Endpoint:
Network Address: %4
Port: %5
Tunnel Endpoint: %6
Additional Information:
Protocol: %7
Quick Mode SA ID: %8
Virtual Interface Tunnel ID: %9
Traffic Selector ID: %10
Note: Only computers running Windows 7 or Windows Server 2008 will have Virtual Interface Tunnel ID and Traffic Selctor ID data available in the 5452 logs.
Why does event ID 5452 need to be monitored?
Security events which fall under the Audit IPsec Quick Mode subcategory are monitored primarily for IPsec Quick Mode troubleshooting.
Pro Tip:
Security events which fall under the Audit IPsec Quick Mode subcategory are monitored primarily for IPsec Quick Mode troubleshooting.
Event 5452 applies to the following operating systems:
- Windows Server 2016
- Windows 10
- Windows Server 2008
- Windows 7
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools