Hi,
Based on my understanding, you put a VPN server behind a NAT device. Is that right? Please feel free to let me know if I have any misunderstanding.
If yes, the Windows built-in VPN client doesn’t support L2TP/IPsec connections through NAT by default. This is because IPsec uses ESP (Encapsulating Security Payload) to encrypt packets, and ESP doesn’t support PAT (Port Address Translation).
As a workaround, you can create a registry key of AssumeUDPEncapsulationContextOnSendRule in the following path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
0 – (a default value) suggests that the server is connected to the Internet without NAT;
1 – the VPN server is behind a NAT device;
2 – both VPN server and client are behind a NAT.
When it's set to 1, Windows can establish security associations with servers that are located behind NAT devices.
For your reference:
Configure a L2TP/IPsec server behind a NAT-T device
Configuring L2TP/IPSec VPN Connection Behind a NAT, VPN Error Code 809
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Best Regards,
Candy
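The registry change described in the answer above, as an added PowerShell example that is not part of the original post. The function name Set-NatTraversalPolicy is hypothetical; the example assumes an elevated session, writes the setting as a DWORD value, and warns that a restart is needed before the new value is used.

```powershell
# Added example. Set-NatTraversalPolicy is a hypothetical helper name.
# Run from an elevated PowerShell session on the machine being configured.
function Set-NatTraversalPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # 0 = server not behind NAT (default), 1 = server behind NAT,
        # 2 = both server and client behind NAT
        [Parameter(Mandatory)]
        [ValidateRange(0, 2)]
        [int]$Value
    )

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
    $name = 'AssumeUDPEncapsulationContextOnSendRule'

    # An absent value behaves like the default of 0.
    $existing = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
    $previous = if ($null -eq $existing) { 'absent (default 0)' } else { [string]$existing }

    $changed = $false
    # Write only when the stored value differs; -WhatIf skips the write entirely.
    if ($existing -ne $Value -and $PSCmdlet.ShouldProcess("$path\$name", "Set DWORD to $Value")) {
        New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value $Value -Force | Out-Null
        $changed = $true
        Write-Warning 'Restart the computer for the new value to take effect.'
    }

    # Return the before/after state so the change can be logged or reviewed.
    [pscustomobject]@{ Name = $name; Previous = $previous; Requested = $Value; Changed = $changed }
}

# Dry run: reports the current state and what would be written, changes nothing.
Set-NatTraversalPolicy -Value 1 -WhatIf
```

Drop `-WhatIf` to apply the change. Choose the lowest value that matches the actual topology rather than defaulting to 2.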