Windows built-in L2TP/IPSEC VPN Client fails to connect when either side is behind a NAT firewall
In particular this can occur when connecting from Windows client to a Windows Server L2TP/IPSEC VPN (lol...)
To allow the client to connect in such situations, create a fixvpn.reg file containing:
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /fRight click it and Run as Administrator, then Reboot.
Hopefully once this registry setting is in place future connections will succeed.
Read more about the problem and these registry settings here: here.