
2.5. Setting up a VPN L2TP/IPSEC Connection

Windows 7 includes a native client that lets you manage your VPN L2TP/IPSec connections.

In this article:

1- Configuring a new VPN L2TP/IPSec connection with the Windows 7 native client

2- Connect to the VPN

3- Disconnect from the VPN

4- If you experience problems with your VPN connection

1- Configuring a new VPN L2TP/IPSec connection with the Windows 7 native client


1- Open the "Network and Sharing Center". This can be found in the Control Panel under "Network and Internet".



2- Select "Set up a new connection or network".



3- Select the connection type: "Connect to a workplace".



4- If other connections are already configured, select "Create a new connection".

If there was no connection previously configured, skip this step.


5- Select "Use my Internet Connection (VPN)".



6- During this step you will need to:

- Specify the public IP address of your Cisco ASA firewall.

- Give a meaningful name to your new VPN connection.

- Do not connect to the VPN immediately, as you will have to make a few modifications to the VPN connection, as described in the next steps.



7- Specify the username and password that were given to you by your firewall/VPN administrator. Click on "Create" once you have filled out the form.



8- Close the window.



9- Go back to the "Network and Sharing Center" to modify your new VPN connection's settings. Click on "Change adapter settings" to the left.


10- Select your connection, right-click and select the "Properties" menu item.



11- In the "Options" tab, uncheck the Windows Domain box:



12- On the "Security" tab, select the following options:

- VPN Type: L2TP/IPSec

- Data Encryption: Maximum strength encryption

- Authentication Method: MS-CHAP-v2



13- Staying on the "Security" tab, change the VPN Advanced Settings by selecting the "Pre-shared key" option.

You will need the shared key ("Pre-shared key") that was given to you by your firewall/VPN administrator.



You have completed the configuration of your new VPN L2TP/IPSec connection on your Windows 7 machine.


2- Connect to the VPN

 1- From the "Network and Sharing Center", click on "Connect to a network" and select your connection, then click on "Connect".



2- Enter the username and password that were given to you by your firewall/VPN administrator and click on "Connect".




The VPN connection should be established.




3- Disconnect from the VPN

 1- From the "Network and Sharing Center", click on "Connect or disconnect", select your connection and click on "Disconnect".



4- If you experience problems with your VPN connection

a- Make sure your computer is connected to the internet.

b- Make sure that you followed the connection instructions described above; double-check as required.

c- Make sure that the connection credentials you are using are valid and are those that your firewall/VPN administrator gave you (firewall IP address, username, password, shared key).

If the problem persists, contact your firewall/VPN administrator.

If you are getting the following error when connecting to the VPN, please try the following fix:


Windows Error 809

If this error appears, the Event Log won't have any relevant logs, as the traffic doesn't reach the MX's WAN interface.

Possible causes and solutions:

Client behind NAT devices
Solution: Modern Windows devices do not support L2TP/IPsec connections when the Windows computer or the VPN server is located behind a NAT. If the Windows VPN client fails with Error 809 when trying to establish a VPN connection to an MX located behind a NAT, add the "AssumeUDPEncapsulationContextOnSendRule" DWORD value to the Windows registry. This DWORD value allows Windows to establish security associations when both the VPN server and the Windows-based VPN client computer are behind NAT devices.


For Windows Vista, 7, 8, 10, and 2008 Server:


RegValue: AssumeUDPEncapsulationContextOnSendRule


Data Value: 2




Then reboot the machine. This will allow you to connect to the network remotely and to RDP to any machine on your network that is set up with RDP access.
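
One way to check and apply this registry value from PowerShell, as an added example that is not part of the original page. The key path `HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent` comes from Microsoft's documentation for Windows Vista and later rather than from this page, and the function names are hypothetical.

```powershell
# Added example: audit, and optionally set, the IPsec NAT-T policy value.
# Assumption: the key path is from Microsoft's documentation, not from this page.
$PolicyAgentKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$ValueName      = 'AssumeUDPEncapsulationContextOnSendRule'

# Documented meaning of each setting.
$Meaning = @{
    0 = 'no security associations with servers behind NAT (Windows default)'
    1 = 'security associations allowed when the VPN server is behind NAT'
    2 = 'security associations allowed when server and client are both behind NAT'
}

function Get-NatTraversalPolicy {
    # Returns the current DWORD, or 0 when the value is absent (the default).
    $prop = Get-ItemProperty -Path $PolicyAgentKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($prop -eq $null) { return 0 }
    return [int]$prop.$ValueName
}

function Set-NatTraversalPolicy {
    param([ValidateRange(0, 2)][int]$Value = 2)

    # Writing under HKLM requires an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run from an elevated PowerShell prompt to change HKLM.'
    }

    $before = Get-NatTraversalPolicy
    if ($before -eq $Value) {
        Write-Output "Already set to $Value; nothing changed."
        return
    }
    # -Force overwrites an existing value instead of failing.
    New-ItemProperty -Path $PolicyAgentKey -Name $ValueName `
        -PropertyType DWord -Value $Value -Force | Out-Null
    Write-Output "Changed $ValueName from $before to $Value. Reboot for it to take effect."
}

# Report only; nothing is modified unless Set-NatTraversalPolicy is called.
$current = Get-NatTraversalPolicy
$text = $Meaning[$current]
if ($text -eq $null) { $text = 'undocumented value' }
Write-Output ("{0} = {1} ({2})" -f $ValueName, $current, $text)
```

Dot-source the script or paste it into an elevated session, then run `Set-NatTraversalPolicy -Value 2` to apply the setting described above; `Set-NatTraversalPolicy -Value 0` restores the default.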

