FixHub
Networking

VPN Error 809 ("Network Connection Could Not Be Established")? Unblock UDP 500/4500 First

Published June 10, 2026 · by The FixHub Team

Your Windows VPN won’t connect, failing with Error 809: “The network connection between your computer and the VPN server could not be established because the remote server is not responding.”

Why the popular registry fix is usually wrong: forums tell everyone to add the AssumeUDPEncapsulation registry key for every 809. But that key is only for one specific case — an L2TP/IPsec client sitting behind NAT connecting to a server also behind NAT. For most 809s, the real cause is simpler: the UDP ports the VPN needs are blocked somewhere between you and the server. Open the ports first.

Fix 1: Unblock the VPN’s UDP ports

IKEv2 and L2TP/IPsec need these open end-to-end (your firewall, router, and the server side):

  • UDP 500 (IKE)
  • UDP 4500 (NAT-T)
  • (L2TP also uses UDP 1701; IKEv2 is just 500/4500)

Check Windows Defender Firewall, your router/NAT, and any security software. On a quick test, temporarily allow these ports and retry. If you’re on a restrictive network (hotel/corporate Wi-Fi), those ports are often blocked — try a different network to confirm.

Fix 2: Add the AssumeUDPEncapsulation key — only if behind NAT

If both client and server are behind NAT and you’re using L2TP/IPsec, this documented key is the fix. In regedit, at:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent

Create a DWORD (32-bit) named AssumeUDPEncapsulationContextOnSendRule and set it to 2. Reboot. (Value 2 = both ends may be behind NAT.)

Fix 3: Confirm the VPN type and server address

  • The connection’s VPN type must match the server (IKEv2 vs L2TP vs Automatic). A mismatch produces 809.
  • Verify the server name/IP resolves (try ping/Test-NetConnection <server> -Port 500).

Fix 4: Restart the IPsec services

Admin Command Prompt:

net stop ikeext && net start ikeext

(Restart IKE and AuthIP IPsec Keying Modules.) Then retry.

FAQ

Why does it work on my phone hotspot but not at the office? The office firewall is blocking UDP 500/4500. That confirms it’s ports, not your PC — ask the network admin to open them (Fix 1).

I added AssumeUDPEncapsulation and nothing changed. Then NAT wasn’t your issue — it’s blocked ports (Fix 1) or a VPN-type mismatch (Fix 3). Remove the key if it’s not the NAT case.

Sources: Microsoft Learn — Troubleshoot VPN connections (ports and 809)