Windows Error 809
If this error appears, the Event Log won't have any relevant logs, as the traffic doesn't reach the MX's WAN interface.
Possible causes and solutions:
Client behind NAT devices
Solution: Modern Windows devices do not support L2TP/IPsec connections when the Windows computer or VPN server is located behind a NAT. If the Windows VPN client fails with Error 809 when trying to establish a VPN connection to an MX located behind a NAT, add the "AssumeUDPEncapsulationContextOnSendRule" DWORD value to the Windows registry. This DWORD value allows Windows to establish security associations when both the VPN server and the Windows-based VPN client computer are behind NAT devices.
For Windows XP:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec
RegValue: AssumeUDPEncapsulationContextOnSendRule
Type: DWORD
Value data: 2
Base: Decimal
For Windows Vista, 7, 8, 10, and 2008 server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
RegValue: AssumeUDPEncapsulationContextOnSendRule
Type: DWORD
Value data: 2
Base: Decimal
Note: After creating this key, you will need to reboot the machine. For more information, reference this Microsoft Support knowledge base article.
Note: Some third-party network programs can also cause Windows Error 809 to occur. SmartByte is one such program known to cause this issue. Disabling the program should resolve the issue and allow the VPN to connect.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.
Please, if this post was useful, leave your kudos and mark it as solved.
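
The registry change described in the post above, as an added PowerShell example (not part of the original post or of Meraki's documentation). It reports the current state of the value on Windows Vista and later and writes it only when asked; the function name Set-L2tpNatTraversal and the -Apply switch are illustrative, while the key path, value name and data are the ones given in the post.

```powershell
# Added example: audit, and optionally set, the registry value from the post.
# Run from an elevated PowerShell prompt. The function name and the -Apply
# switch are hypothetical; path, value name and data come from the post.
function Set-L2tpNatTraversal {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Apply   # without -Apply the function only reports
    )

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
    $name = 'AssumeUDPEncapsulationContextOnSendRule'
    $want = 2            # decimal, per the post

    if (-not (Test-Path -Path $path)) {
        throw "Registry key not found: $path"
    }

    # Read the current value; $null means the value has never been created.
    $current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name

    $result = [pscustomobject]@{
        Path         = $path
        Name         = $name
        Before       = $current
        After        = $current
        Changed      = $false
        RebootNeeded = $false
    }

    if ($current -eq $want) { return $result }   # already set, nothing to do

    if ($Apply -and $PSCmdlet.ShouldProcess("$path\$name", "Set DWORD to $want")) {
        # New-ItemProperty -Force creates the value or overwrites an existing one.
        New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value $want -Force | Out-Null
        $result.After        = (Get-ItemProperty -Path $path -Name $name).$name
        $result.Changed      = $true
        $result.RebootNeeded = $true   # the post notes a reboot is required
    }
    return $result
}

Set-L2tpNatTraversal            # report only
# Set-L2tpNatTraversal -Apply   # create or overwrite the value, then reboot
```

Running it without -Apply first shows whether the value is already present, which is useful when checking a fleet of clients before changing anything.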