Enable Windows VPN connection when server or client behind NAT

Modern Windows devices do not support L2TP/IPsec connections when the Windows computer or VPN server are located behind a NAT. If the Windows VPN client fails with Error 809 when trying to establish a VPN connection to an MX located behind a NAT, add the “AssumeUDPEncapsulationContextOnSendRule” DWORD value to the Windows registry. This DWORD value allows Windows to establish security associations when both the VPN server and the Windows based VPN client computer are behind NAT devices.

For Windows XP:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec
RegValue: AssumeUDPEncapsulationContextOnSendRule
Type: DWORD
Data Value: 2

For Windows Vista, 7, 8, 10, and 2008 Server:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent 
RegValue: AssumeUDPEncapsulationContextOnSendRule
Type: DWORD
Data Value: 2

Note that after creating this key you will need to reboot the machine. For more information, reference the Microsoft Support Knowledge Base.

Real name:

E-Mail:

Enter your comment:

Please solve the following equation to prove you're human. 146 -15 =  Please keep this field empty:

Subscribe to comments

Enable Windows VPN connection when server or client behind NAT

Discussion

Eureka Moment