
Access L2TP/IPsec server behind a NAT device in Windows

 

By default, Windows does not connect to an IPsec server that is located behind a NAT device such as a firewall. As a result, an L2TP VPN server in that position cannot be reached. You can change this behavior by adding a registry entry named AssumeUDPEncapsulationContextOnSendRule.

 

On the Windows computer, make sure you are logged in as an admin user.


Click Start


Search for regedit, then right-click it and select Run as Administrator. In Windows XP, just double-click it.


Locate and then click the following registry key:


Windows Vista, 7 and 8 - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent


Windows XP - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec

 


On the Edit menu, point to New, and then click DWORD (32-bit) Value.


Type AssumeUDPEncapsulationContextOnSendRule and then press ENTER.


Right-click the AssumeUDPEncapsulationContextOnSendRule value you just created and click Modify.


In the Value Data box, type the number 2 as the value and click OK.


Exit regedit.


Reboot the computer.
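
The same change can be scripted instead of made by hand in regedit. The PowerShell below is an added example, not part of the original page. It assumes an elevated PowerShell session and chooses the key by OS major version (6 or later for Windows Vista, 7 and 8; lower for Windows XP). It reports the previous value before writing so the change can be reverted.

```powershell
# Added example: sets AssumeUDPEncapsulationContextOnSendRule to 2,
# mirroring the manual regedit steps above. Run from an elevated session.

$name    = 'AssumeUDPEncapsulationContextOnSendRule'
$desired = 2

# Refuse to continue without administrator rights (HKLM writes would fail).
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

# Vista, 7 and 8 (major version 6+) use PolicyAgent; Windows XP uses IPSec.
if ([Environment]::OSVersion.Version.Major -ge 6) {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
} else {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\IPSec'
}
if (-not (Test-Path $key)) {
    throw "Registry key not found: $key"
}

# Read the current value; $null means the entry does not exist yet.
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

if ($current -eq $desired) {
    Write-Output "$name is already set to $desired. No change made."
} else {
    if ($null -eq $current) { $shown = '<not present>' } else { $shown = $current }
    Write-Output "Previous value of ${name}: $shown"

    # Create the DWORD (32-bit) value, or overwrite an existing one.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $desired -Force | Out-Null

    # Read back to confirm the write before asking for a reboot.
    $check = (Get-ItemProperty -Path $key -Name $name).$name
    if ($check -ne $desired) {
        throw "Verification failed: $name is $check, expected $desired."
    }
    Write-Output "$name set to $desired under $key."
    Write-Output 'Reboot the computer for the change to take effect.'
}

# To revert when the entry did not exist before:
#   Remove-ItemProperty -Path $key -Name $name
```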

 
