SonicOS 7.1 IPSec VPN
- SonicOS 7.1
- About SonicOS
- IPSec VPN Overview
- Site to Site VPNs
- VPN Auto Provisioning
- Rules and Settings
- Advanced
- DHCP over VPN
- L2TP Servers and VPN Client Access
- AWS VPN
- SonicWall Support
Configuring Microsoft Windows L2TP VPN Client Access
This provides an example for configuring L2TP client access to the WAN GroupVPN SA using the built-in L2TP Server and Microsoft's L2TP VPN Client.
SonicOS supports only X.509 certificates for L2TP clients; PKCS #7 encoded X.509 certificates are not supported in SonicOS for L2TP connections.
To enable Microsoft L2TP VPN Client access to the WAN GroupVPN SA
- Navigate to the NETWORK | VPN > Rules and Settings page.
- For the WAN GroupVPN policy, click the Edit icon in the Configure column.
- On the General screen, select IKE using Preshared Secret for the Authentication Method.
- Enter a shared secret passphrase in the Shared Secret field to complete the client policy configuration.
- Click Save.
- Navigate to the NETWORK | IPSec VPN > L2TP Server page.
- In the L2TP Server section, select Enable L2TP Server.
- Click Configure.
-
Provide the following L2TP Server Settings:
- Keep alive time (secs): 60
- DNS Server 1: 199.2.252.10 (or use your ISP’s DNS)
- DNS Server 2: 4.2.2.2 (or use your ISP’s DNS)
- DNS Server 3: 0.0.0.0 (or use your ISP’s DNS)
- WINS Server 1: 0.0.0.0 (or use your WINS IP)
- WINS Server 2: 0.0.0.0 (or use your WINS IP)
- Click L2TP Users Settings.
-
Set the following options:
-
IP address provided by RADIUS/LDAP Server if a RADIUS/LDAP Server provides IP addressing information to the L2TP clients. If the L2TP Server provides IP addresses, select Use the Local L2TP IP pool.
- Use the Local L2TP IP pool: Enabled (selected; the default)
- Start IP: 10.20.0.1 (use your own IP)
- End IP: 10.20.0.20 (use your own IP)
-
- Select Trusted Users from the User group for L2TP users drop-down menu.
- Click Save.
- Navigate to the DEVICE | Users > Local Users & Groups page.
- Click Local Users.
-
Click +Add User to display the User Settings dialog.
-
Specify a user name and password in the Name, Password, and Confirm Password fields.
-
Click Save.
By editing the VPN > LAN access rule or another VPN access rule (under POLICY | Rules and Policies > Access Rules), you can restrict network access for L2TP clients. To locate a rule to edit, select the All Types view on the Access Rules table and look at the Source column for L2TP IP Pool.
-
On your Microsoft Windows computer, complete the following L2TP VPN Client configuration to enable secure access:
-
Navigate to the Start > Control Panel > Network and Sharing Center.
-
Open the New Connection Wizard.
-
Choose Connect to a workplace.
-
Click Next.
-
Choose Virtual Private Network Connection. Click Next.
-
Enter a name for your VPN connection. Click Next.
-
Enter the Public (WAN) IP address of the firewall. Alternatively, you can use a domain name that points to the firewall.
-
Click Next, and then click Finish.
-
In the Connection window, click Properties.
-
Click Security.
-
Click on IPSec Settings.
-
Enable Use preshared key for authentication.
-
Enter your preshared secret key and click OK.
-
Click Networking.
-
Change Type of VPN from Automatic to L2TP IPSec VPN.
-
Click OK.
-
Enter your XAUTH username and password.
-
Click Connect.
-
-
Verify your Microsoft Windows L2TP VPN device is connected by navigating to the NETWORK | IPSec VPN > Rules and Settings page. The VPN client is displayed in the Currently Active VPN Tunnels section.
Was This Article Helpful?
Help us to improve our support portal