• SonicOS and SonicOSX 7 IPSec VPN
• IPSec VPN Overview
  • About Virtual Private Networks
  • VPN Types
    • IPsec VPN
    • DHCP over VPN
    • L2TP with IPsec
    • SSL VPN
  • VPN Security
    • About IKEv1
    • About IKEv2
    • Mobility and Multi-homing Protocol for IKEv2 (MOBIKE)
    • About IPsec (Phase 2) Proposal
    • About Suite B Cryptography
  • VPN Base Settings and Displays
    • Policies
    • Active Tunnels
    • Settings
  • IPv6 VPN Configuration
• Site to Site VPNs
  • Planning Site to Site Configurations
  • General VPN Configuration
    • Configuring Settings on the General Tab
    • Configuring Settings on the Network Tab
    • Configuring Settings on the Proposals Tab
    • Configuring Settings on the Advanced Tab
  • Managing GroupVPN Policies
    • Configuring IKE Using a Preshared Secret Key
    • Configuring IKE Using 3rd Party Certificates
    • Downloading a GroupVPN Client Policy
  • Creating Site to Site VPN Policies
    • Configuring with a Preshared Secret Key
    • Configuring with a Manual Key
    • Configuring with a Third-Party Certificate
    • Configuring the Remote SonicWall Network Security Appliance
    • Configuring VPN Failover to a Static Route
• VPN Auto Provisioning
  • About VPN Auto Provisioning
    • Defining VPN Auto Provisioning
    • Benefits of VPN Auto Provisioning
    • How VPN Auto Provisioning Works
      • About Establishing the IKE Phase 1 Security Association
      • About Establishing IKE Phase 2 using a Provisioned Policy
  • Configuring a VPN AP Server
    • Starting the VPN AP Server Configuration
    • Configuring VPN AP Server Settings on General
    • Configuring VPN AP Server Settings on Network
    • Configuring Advanced Settings on Proposals
    • Configuring Advanced Settings on Advanced
  • Configuring a VPN AP Client
• Rules and Settings
  • Adding a Tunnel Interface
    • Creating a Static Route for the Tunnel Interface
  • Route Entries for Different Network Segments
  • Redundant Static Routes for a Network
• Advanced
  • Configuring Advanced VPN Settings
  • Configuring IKEv2 Settings
  • Using OCSP with SonicWall Network Security Appliances
    • OpenCA OCSP Responder
    • Loading Certificates to Use with OCSP
    • Using OCSP with VPN Policies
• DHCP over VPN
  • DHCP Relay Mode
  • Configuring the Central Gateway for DHCP Over VPN
  • Configuring DHCP over VPN Remote Gateway
  • Current DHCP over VPN Leases
• L2TP Servers and VPN Client Access
  • Configuring the L2TP Server
  • Viewing Currently Active L2TP Sessions
  • Configuring Microsoft Windows L2TP VPN Client Access
  • Configuring Google Android L2TP VPN Client Access
• AWS VPN
  • Overview
  • Creating a New VPN Connection
  • Reviewing the VPN Connection
    • Configuration on the Firewall
    • Configuration on Amazon Web Services
  • Route Propagation
  • AWS Regions
  • Deleting VPN Connections
• SonicWall Support
  • About This Document

Configuring Google Android L2TP VPN Client Access

This provides an example for configuring L2TP client access to WAN GroupVPN SA using the built-in L2TP Server and Google Android’s L2TP VPN Client.

To enable Google Android L2TP VPN Client access to WAN GroupVPN SA, perform the following steps

1. Navigate to the NETWORK | IPSec VPN > Rules and Settings page.
2. For the WAN GroupVPN policy, click the Edit icon.
3. Select IKE using Preshared Secret (default) from the Authentication Method drop-down menu.
4. Enter a shared secret passphrase in the Shared Secret field to complete the client policy configuration.
5. Click Proposals.

6. Provide the following settings for IKE (Phase 1) Proposal:

   • DH Group: Group 2
   • Encryption: 3DES
   • Authentication: SHA1
   • Life Time (seconds): 28800

7. Provide the following settings for IPsec (Phase 2) Proposal:

   • Protocol: ESP
   • Encryption: DES
   • Authentication: SHA1
   • Enable Perfect Forward Secrecy: Enabled
   • Life Time (seconds): 28800
8. Click Advanced.

9. Set the following options:

   • Enable Multicast: Disabled
   • Management via this SA: Disable all
   • Default Gateway: 0.0.0.0
   • Require authentication of VPN clients by XAUTH: Enabled
   • User group for XAUTH users: Trusted Users
10. Click Client.

11. Set the following options:

    • Cache XAUTH User Name and Password on Client: Single Session or Always
    • Virtual Adapter setting: DHCP Lease
    • Allow Connections to: Split Tunnels
    • Set Default Route as this Gateway: Disabled
    • Apply VPN Access Control List: Disabled
    • Use Default Key for Simple Client Provisioning: Enabled
12. Click OK.
13. Navigate to the NETWORK | IPSec VPN > L2TP Server page.
14. Select Enable the L2TP Server.
15. Click Configure.

16. Provide the following L2TP server settings:

    • Keep alive time (secs): 60
    • DNS Server 1: 199.2.252.10 (or use your ISPs DNS)
    • DNS Server 2: 4.2.2.2 (or use your ISPs DNS)
    • DNS Server 3: 0.0.0.0 (or use your ISPs DNS)
    • WINS Server 1: 0.0.0.0 (or use your WINS IP)
    • WINS Server 2: 0.0.0.0 (or use your WINS IP)
17. Click L2TP Users.

18. Set the following options:

    • IP address provided by RADIUS/LDAP Server: Disabled
    • Use the Local L2TP IP Pool: Enabled
    • Start IP: 10.20.0.1 (or use your own)
    • End IP: 10.20.0.20 (or use your own)
19. In the User Group for L2TP Users drop-down menu, select Trusted Users.
20. Click Save.
21. Navigate to the DEVICE | Users > Local Users & Groups page.
22. Click Local Users.
23. Click +Add User.
24. In the Settings screen, specify a user Name and Password.

25. In the VPN Access screen, add the desired network address object(s) that the L2TP clients to the access list networks.

    At the minimum add the LAN Subnets, LAN Primary Subnet, and L2TP IP Pool address objects to the access list.

    You have now completed the SonicOS/X configuration.

26. On your Google Android device, complete the following L2TP VPN Client configuration to enable secure access:
    1. Navigate to the APP page, and select the Settings icon. From the Settings menu, select Wireless & networks.
    2. Select VPN Settings, and click Add VPN.
    3. Select Add L2TP/IPSec PSK VPN.
    4. Under VPN Name, enter a VPN friendly name.
    5. Set VPN Server.
    6. Enter the public IP address of firewall.
    7. Set IPSec preshared key: enter the passphrase for your WAN GroupVPN policy.
    8. Leave L2TP secret blank.
    9. If you want set LAN domain setting. They are optional.
    10. Enter your XAUTH username and password. Click Connect.
27. Verify your Google Android device is connected by navigating to the NETWORK | IPSec VPN > Rules and Settings page. The VPN client is displayed in the Currently Active VPN Tunnels section.