top of page

Access L2TP/IPsec server behind a NAT device in Windows


Windows by default prevents access to IPsec that is located behind a NAT device like a firewall. This prevents access to the L2TP VPN server in such cases. This can be bypassed by adding a registry entry named




On the Windows computer be sure you are logged in as an admin user.

Click Start

Search for regedit and then right click on it and select Run as Administrator. In Windows XP just double click.

Locate and then click on the following registry key

Windows Vista, 7 and 8 - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent

Windows XP - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec


On the Edit menu, point to New, and then click DWORD (32-bit) Value.

Type      AssumeUDPEncapsulationContextOnSendRule     and then press ENTER.

Right click on the AssumeUDPEncapsulationContextOnSendRule you just created and click Modify.

In the Value Data box, type the number 2 as the value and click OK.

Exit regedit.

Reboot the computer.


bottom of page