TSHOOT: VPN L2TP not working on some Windows machines

Problem: Clients behind NAT devices are unable to connect to the L2TP VPN.
Solution: By default, modern Windows devices do not support L2TP/IPsec connections when the Windows computer or the VPN server is located behind a NAT. If the Windows VPN client fails with Error 809 when trying to establish a VPN connection to an MX located behind a NAT, add the "AssumeUDPEncapsulationContextOnSendRule" DWORD value to the Windows registry. This DWORD value allows Windows to establish security associations when both the VPN server and the Windows-based VPN client computer are behind NAT devices.
For Windows XP:

  Key:        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec
  RegValue:   AssumeUDPEncapsulationContextOnSendRule
  Type:       DWORD
  Data Value: 2

For Windows Vista, 7, 8, 10, and 2008 Server:

  Key:        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
  RegValue:   AssumeUDPEncapsulationContextOnSendRule
  Type:       DWORD
  Data Value: 2

Note that after creating this value you will need to reboot the machine. For more information, reference the Microsoft Support Knowledge Base.
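As an added example that is not part of the original post, the following PowerShell (run from an elevated session) picks the registry key for the running Windows version, reports the current value, and writes 2 only when it differs, so you can audit a machine before changing it; the meanings of the data values in the comments come from the Microsoft KB article the post refers to.

```powershell
# Added example: audit and set AssumeUDPEncapsulationContextOnSendRule.
# Run elevated. A reboot is still required after the change.

$ValueName = 'AssumeUDPEncapsulationContextOnSendRule'

# Windows XP (NT 5.x) keeps the value under the IPSec service key;
# Vista and later (NT 6.x+) use the PolicyAgent service key.
$osVersion = [System.Environment]::OSVersion.Version
if ($osVersion.Major -lt 6) {
    $KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\IPSec'
} else {
    $KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
}

# Data values (per the Microsoft KB article):
#   absent / 0 = no NAT-T security associations (the default)
#   1          = VPN server behind NAT
#   2          = both VPN server and client may be behind NAT (used by this post)
$Desired = 2

# Read the current value; a missing value returns $null instead of an error.
$current = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue

if ($null -eq $current) {
    Write-Host "$ValueName is not set under $KeyPath (Error 809 behind NAT is expected)."
} else {
    Write-Host "$ValueName is currently $($current.$ValueName) under $KeyPath."
}

if ($null -eq $current -or $current.$ValueName -ne $Desired) {
    # -Force overwrites an existing value of any type; DWord matches the post.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
        -Value $Desired -Force | Out-Null
    Write-Host "Set $ValueName to $Desired. Reboot the machine for it to take effect."
} else {
    Write-Host "Already set to $Desired; no change made."
}

# Confirm what is now stored in the registry.
(Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
```

Because the value widens which IPsec security associations Windows will accept, keep it at 1 if only the VPN server is behind NAT and use 2 only where clients are also NATed, as in the case this post describes.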
