VPN Error 809

dagarva
Here to help

Hi, I'm trying to solve an issue with a VPN connection. I use the Windows built-in client and I'm receiving error 809. What I tried:

  • registry key AssumeUDPEncapsulationContextOnSendRule added as per the Meraki tutorial
  • modified properties of the VPN adapter to allow protocols (Security tab) PAP, CHAP and MS-CHAP v2
  • this computer had other VPN clients; uninstalled all + reinstalled WAN Miniports
  • tested with another computer from this network, and the source router/target MX is not the problem, because the other computer connects correctly
  • checked Windows updates, everything updated. Windows 10 Home 21H2, OS build 19044.2075

Any clue? 😄

alemabrahao
Kind of a big deal

Windows Error 809
If this error appears, the Event Log won't have any relevant logs, as the traffic doesn't reach the MX's WAN interface.

Possible causes and solutions:

Client behind NAT devices
Solution: Modern Windows devices do not support L2TP/IPsec connections when the Windows computer or VPN server are located behind a NAT. If the Windows VPN client fails with Error 809 when trying to establish a VPN connection to an MX located behind a NAT, add the "AssumeUDPEncapsulationContextOnSendRule" DWORD value to the Windows registry. This DWORD value allows Windows to establish security associations when both the VPN server and the Windows-based VPN client computer are behind NAT devices.

For Windows XP:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec

RegValue: AssumeUDPEncapsulationContextOnSendRule

Type: DWORD

Value data: 2
Base: Decimal

For Windows Vista, 7, 8, 10, and 2008 server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent

RegValue: AssumeUDPEncapsulationContextOnSendRule

Type: DWORD

Value data: 2
Base: Decimal

Note that after creating this key you will need to reboot the machine. For more information, reference this Microsoft Support knowledge base article.

Note: Some third-party network programs can also cause Windows Error 809 to occur. SmartByte is one such program known to cause this issue. Disabling the program should resolve the issue and allow the VPN to connect.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
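
The registry change described in the reply above, as an added PowerShell example that is not part of the original post or of Meraki's documentation: it reads the current value, reports what it means, and writes 2 only when run with `-Apply` from an elevated session. The `-Apply` switch and the SmartByte display-name wildcard are assumptions of this example.

```powershell
# Added example: audit (and optionally set) the NAT-T registry value from the post.
# Applies to Windows Vista and later (PolicyAgent key); run elevated to use -Apply.
param([switch]$Apply)

$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$Name = 'AssumeUDPEncapsulationContextOnSendRule'
$Want = 2   # value given in the post

# Meaning of each value as documented by Microsoft for this setting.
$Meaning = @{
    0 = 'no security associations with servers behind NAT (default)'
    1 = 'security associations allowed when the server is behind NAT'
    2 = 'security associations allowed when server and client are both behind NAT'
}

# Read the current value; $null means the value has never been created.
$current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
if ($null -eq $current) {
    Write-Host "$Name is not set (Windows behaves as if it were 0)."
} else {
    Write-Host "$Name = $current : $($Meaning[[int]$current])"
}

# Write the DWORD only on request, and only if it differs from the wanted value.
if ($Apply -and $current -ne $Want) {
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Want -Force |
        Out-Null
    Write-Host "Set $Name to $Want. Reboot before retrying the VPN connection."
}

# The post also names SmartByte as a known cause; list matching services, if any.
# Matching on display name is an assumption, not a documented service name.
Get-Service -DisplayName '*SmartByte*' -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status
```
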
PhilipDAth
Kind of a big deal

To make @alemabrahao's great response more readable, check out the troubleshooting web page, and make a special note of the registry entries.

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting#Windows_Error_809 

ArteckMX
Here to help

It has been erased!

dagarva
Here to help

I did that before posting here

DHAnderson
Head in the Cloud

I deployed a vMX in Google Cloud and ran into this same issue:

  • Non-Windows devices can get into the VPN without any issue.
  • Windows devices give Error 809
  • No real information in the Windows Event Log

Technically, the vMX is not natted. It is set up as a one-armed concentrator, so the one NIC has a public and private IP address. This is enough to confuse Windows though!

So I put the registry key in, and that solved our problem!

Thank you @alemabrahao

Dave Anderson