By default, Windows 10/11 does not allow IPSEC connections behind a NAT.
- Open Regedit and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
- Under the edit menu select new DWORD (32-bit) Value.
- Type AssumeUDPEncapsulationContextOnSendRule and hit enter.
- Right Click AssumeUDPEncapsulationContextOnSendRule and select Modify.
- In the Value Data box type the value of 2 to allow VPN connections when the Server and Client are located behind a NAT.