What can cause a DirectAccess IPSec Main Mode Error "no policy configured"
Posted by Mike Haboustak on Server Fault
Published on 2011-09-16T18:08:42Z, indexed on 2014/06/09 9:28 UTC
We have Microsoft's DirectAccess VPN set up on Server 2008 R2 with end-to-edge security, and we're having trouble with the manage-out tunnel.
The DirectAccess client has DC/DNS and intranet connectivity; it can ping/RDP/etc. to intranet hosts. However, connections originating from those same intranet hosts can only intermittently reach the client. At times it works fine, other times it doesn't.
When an inbound (intranet to client) connection is attempted there's an IPSec Main Mode failure logged: Event 4653 with a failure reason of "No Policy Configured".
I think that it may be related to the state of the intranet (corp) access tunnel, and an overlap in the configured subnets for those policies. I haven't figured out exactly what's different between the scenario where the connection works and the one where it does not.
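One way to narrow this down on the affected machine, as an added example that is not part of the original post: pull the recent 4653 ("IPsec main mode negotiation failed") events out of the Security log, and for each one whose failure reason is "No policy configured" list every enabled connection security rule whose Endpoint1/Endpoint2 ranges cover the local and remote addresses in that event. A peer covered by no rule, or by more than one, points at the policy/subnet-overlap theory above. This is illustrative code, not anything from the post or from Microsoft; it assumes an elevated PowerShell 2.0+ prompt on Server 2008 R2 / Windows 7, the usual EventData field names in event 4653 (RemoteNetworkAddress, LocalNetworkAddress, FailureReason, Role, MMAuthMethod, FailurePoint, MMFilterID), and the "Rule Name:/Enabled:/Endpoint1:/Endpoint2:" layout printed by netsh advfirewall consecrule show rule name=all.

```powershell
# Correlate IPsec Main Mode failures (Security event 4653) with the connection
# security rules in force. Illustrative script, not from the original post.
# Assumptions: elevated PowerShell 2.0+ (Server 2008 R2 / Windows 7), standard
# 4653 EventData field names, and netsh's "Rule Name:/Endpoint1:/Endpoint2:" output layout.

function Get-MainModeFailure {
    # Most recent 4653 events, one flat object per event (fields read generically
    # from the event XML, so a missing field just yields $null).
    param([int]$Count = 50)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4653 } -MaxEvents $Count -ErrorAction SilentlyContinue |
      ForEach-Object {
        $x = [xml]$_.ToXml(); $d = @{}
        foreach ($item in $x.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
        New-Object PSObject -Property @{
            Time = $_.TimeCreated;           Role = $d['Role']
            Local = $d['LocalNetworkAddress']; Remote = $d['RemoteNetworkAddress']
            AuthMethod = $d['MMAuthMethod'];  FailurePoint = $d['FailurePoint']
            FailureReason = $d['FailureReason']; FilterId = $d['MMFilterID']
        }
      }
}

function Get-ConsecRule {
    # Parse netsh's connection security rule listing (Group Policy delivers the
    # DirectAccess tunnel rules, so this shows what actually landed on the box).
    $rules = @(); $cur = $null
    foreach ($line in (netsh advfirewall consecrule show rule name=all)) {
        if ($line -match '^\s*Rule Name:\s*(.*)$') {
            if ($cur) { $rules += $cur }
            $cur = New-Object PSObject -Property @{ Name = $matches[1].Trim(); Enabled = ''; Endpoint1 = ''; Endpoint2 = '' }
        } elseif ($cur -and $line -match '^\s*(Enabled|Endpoint1|Endpoint2):\s*(.*)$') {
            $cur.($matches[1]) = $matches[2].Trim()
        }
    }
    if ($cur) { $rules += $cur }
    $rules
}

function Test-InPrefix {
    # True when $Address lies inside $Prefix: "Any", a bare host address, or
    # CIDR such as 2002::/16 or 10.0.0.0/8 (IPv4 and IPv6 never match each other).
    param([string]$Address, [string]$Prefix)
    if ($Prefix -eq 'Any') { return $true }
    $parts = $Prefix.Split('/')
    try {
        $a = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
        $p = [System.Net.IPAddress]::Parse($parts[0]).GetAddressBytes()
    } catch { return $false }
    if ($a.Length -ne $p.Length) { return $false }
    $bits = if ($parts.Length -gt 1) { [int]$parts[1] } else { $a.Length * 8 }
    for ($i = 0; $i -lt $bits; $i++) {
        $byte = [math]::Floor($i / 8)          # Floor, not [int]: PowerShell's [int] cast rounds
        $mask = 0x80 -shr ($i % 8)
        if (($a[$byte] -band $mask) -ne ($p[$byte] -band $mask)) { return $false }
    }
    return $true
}

function Test-RuleCovers {
    # Does this rule's Endpoint1 (local) / Endpoint2 (remote) pair cover the event's addresses?
    param($Rule, [string]$Local, [string]$Remote)
    $l = @($Rule.Endpoint1 -split ',' | Where-Object { Test-InPrefix $Local  $_.Trim() }).Count -gt 0
    $r = @($Rule.Endpoint2 -split ',' | Where-Object { Test-InPrefix $Remote $_.Trim() }).Count -gt 0
    return ($l -and $r)
}

$rules = @(Get-ConsecRule | Where-Object { $_.Enabled -eq 'Yes' })
Get-MainModeFailure | Where-Object { $_.FailureReason -like '*No policy*' } | ForEach-Object {
    $f = $_
    $covering = @($rules | Where-Object { Test-RuleCovers $_ $f.Local $f.Remote })
    $names = if ($covering.Count -gt 0) { ($covering | ForEach-Object { $_.Name }) -join ' | ' }
             else { '(no enabled rule covers this local/remote pair)' }
    '{0}  {1,-9} {2} -> {3}  [{4}]' -f $f.Time, $f.Role, $f.Remote, $f.FailurePoint, $names
}

# The other half of the picture: which main mode SAs are currently up with each peer.
Write-Host "`n== Active main mode SAs =="
netsh advfirewall monitor show mmsa
```

Run it on the client while an intranet host attempts the inbound connection, once when it works and once when it fails, and compare: a failing event whose remote address is covered by two enabled rules with different Endpoint1 ranges is the overlap the post suspects, while a peer covered by no rule means the manage-out rule (or its subnet list) did not reach the client from Group Policy. Checking the same thing on the DirectAccess server shows whether the failure is on its side of the tunnel.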
© Server Fault or respective owner