Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


NSA 2400 - Cannot successfully authenticate against Active Directory over L2TP VPN

Dear Sonicwall Community,

I am trying to connect with L2TP VPN using windows VPN-client but I get this error when I logon with a user imported from LDAP;

"The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the administrator of the RAS server and notify them if this error."

However, if I use an user that is not imported from LDAP, it is connecting without any issues.

Now, L2TP is enabled on the firewall and is configured with MSCHAPv2 as authentication protocol.

Also, windows VPN connection is using MSChapv2, it was added with this powershell command:

Add-VpnConnection -Name "company name" -ServerAddress "" -Tunneltype "L2tp" -L2tpPsk "pre-shared-key" -AuthenticationMethod MSChapv2 -EncryptionLevel "Required" -Force

NPS server is also configured with MSChapv2:

Does anyone have a clue why I'm still getting an authentication error? Is there anything I should configure differently?

We are having issues with teams and navision over Global VPN Client, therefore it would be great if we could authenticate users imported from LDAP so I do not have to create a new user for everyone using VPN in my company.

Category: Mid Range Firewalls


Sign In or Register to comment.