When a VPN server or the client is behind a NAT device the Windows client needs an registry update for the VPN connection to work.

This affects: Windows Vista, Windows 7, Windows 8, Windows 10 and Windows Server 2008.

You can download and run the following file AssumeUDPEncapsulationContextOnSendRule.reg and restart the computer.

Or follow this guide to do it manually.

To create and configure the AssumeUDPEncapsulationContextOnSendRule registry value, follow these steps:

1. Log on to the Windows client computer as a user who is a member of the Administrators group.
2. Click Start, point to All Programs, click Accessories, click Run, type regedit, and then click OK. If the User Account Control dialog box is displayed on the screen and prompts you to elevate your administrator token, click Continue.
3. Locate and then click the following registry subkey:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent

   Note You can also apply the AssumeUDPEncapsulationContextOnSendRule DWORD value to a Microsoft Windows XP Service Pack 2 (SP2)-based VPN client computer. To do this, locate and then click the following registry subkey:

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec
4. On the Edit menu, point to New, and then click DWORD (32-bit) Value.
5. Type AssumeUDPEncapsulationContextOnSendRule, and then press ENTER.
6. Right-click AssumeUDPEncapsulationContextOnSendRule, and then click Modify.
7. In the Value Data box, there are 3 options, type 2 in the Value Data box:
   • 0
     A value of 0 (zero) configures Windows so that it cannot establish security associations with servers that are located behind NAT devices. This is the default value.
   • 1
     A value of 1 configures Windows so that it can establish security associations with servers that are located behind NAT devices.
   • 2
     A value of 2 configures Windows so that it can establish security associations when both the server and the Windows Vista-based or Windows Server 2008-based VPN client computer are behind NAT devices.
8. Click OK, and then exit Registry Editor.
9. Restart the computer.

To read more about this click here https://support.microsoft.com/en-us/help/926179/how-to-configure-an-l2tp-ipsec-server-behind-a-nat-t-device-in-windows