Support Center > Search Results > SecureKnowledge Details
Windows L2TP users cannot connect, Windows shows error 809. L2TP client continuously sends "delete" for Phase 2 keys after Phase 2 completion. Technical Level
  • One of these errors appears when Windows users start the L2TP connection:

    • "Error 809"
    • "The user XXX dialed a connection named XXX which has failed. The error code returned on failure is 809."
    • "The network connection between your computer and the VPN server could not be established"
  • "Encryption fail reason: decrypted and user methods are not identical (VPN Error code 02)" log appears in SmartView Tracker.

  • "Cannot control L2TP tunnel owned by others" log may appear in SmartView Tracker / SmartLog.

  • When NAT-T is used, the L2TP client sends a "delete" packet after every successful Phase 2 completion.


By default, Windows OS does not support Internet Protocol Security (IPsec) Network Address Translation Traversal (NAT-T) security associations to servers that are located behind a NAT device.

Because of the way, in which NAT devices translate network traffic, you may experience unexpected results when you put a server behind a NAT device and then use an IPsec NAT-T environment.


On the Windows computer:

  1. Login to the Windows OS as Administrator.
  2. Click the Start menu > Run.
  3. Enter this command and press Enter / click OK:
    The Windows Registry Editor opens.
  4. Go to this entry:
  5. Right-click the PolicyAgent key > click New > click DWORD (32-bit) value.
  6. Enter this string as the name of the new key and press Enter:
  7. Double-click the new key to modify it.
  8. In the Value data field, change the value from 0 to 2 and click OK.
  9. Close the Windows Registry Editor.
  10. Reboot the computer.
  11. Start the L2TP connection.


Give us Feedback
Please rate this document