Windows does not connect to L2TP / IPSec server behind NAT

By default, Windows does not allow a connection to an L2TP / IPSec server if the server is behind NAT. This behaviour and the method for solving it are described on microsoft.com, for example on the official site or here.

To allow such a connection, you need to do the following:

  • Go to the Windows Registry Editor (regedit)

  • There, go to the branch “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent”

  • Add a key with the following parameters:

    “Key parameters”
    key type: DWORD (32-bit) Value
    key name: AssumeUDPEncapsulationContextOnSendRule

  • Set the required key value:

    “Key value”
    0: Windows client connection to L2TP / IPSec server behind NAT is not allowed
    1: Windows client connection to L2TP / IPSec server behind NAT is allowed
    2: Connection from a Windows client behind NAT to an L2TP / IPSec server behind NAT is allowed

  • Restart Windows OS

  • Connection to L2TP / IPSec servers behind NAT is successful
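
The same registry change can be audited and applied from an elevated PowerShell prompt. This script is an added example, not part of the original page; the script layout, the `-Desired` parameter and the `Get-NatTSetting` helper are hypothetical names chosen for illustration. Save it to a `.ps1` file and run it with `-Desired 0`, `1` or `2`.

```powershell
# Added example: report and set AssumeUDPEncapsulationContextOnSendRule.
# -Desired and Get-NatTSetting are illustrative names, not from the page.
param(
    [Parameter(Mandatory)]
    [ValidateSet(0, 1, 2)]
    [int]$Desired
)

$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$Name = 'AssumeUDPEncapsulationContextOnSendRule'

# Meanings as listed in the "Key value" table on this page.
$Meaning = @{
    0 = 'connection to L2TP/IPSec server behind NAT is not allowed'
    1 = 'connection to L2TP/IPSec server behind NAT is allowed'
    2 = 'client behind NAT to L2TP/IPSec server behind NAT is allowed'
}

function Get-NatTSetting {
    # Returns the current DWORD, or $null when the value does not exist yet.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

# Writing under HKLM needs an elevated session; fail early with a clear message.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell prompt.'
}

$current = Get-NatTSetting
if ($null -eq $current) {
    Write-Host "$Name is not set (Windows default behaviour applies)."
} else {
    Write-Host "$Name is currently $current : $($Meaning[$current])"
}

if ($current -ne $Desired) {
    # -Force creates the value or overwrites an existing one of any type.
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Desired -Force | Out-Null
    Write-Host "Set $Name to $Desired : $($Meaning[$Desired])"
    Write-Host 'Restart Windows for the change to take effect.'
} else {
    Write-Host 'No change needed.'
}
```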