NSA 2400 - Cannot successfully authenticate against Active Directory over L2TP VPN

Dear SonicWall Community,

I am trying to connect with L2TP VPN using the Windows VPN client, but I get this error when I log on with a user imported from LDAP:

"The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the administrator of the RAS server and notify them if this error."

However, if I use a user that is not imported from LDAP, it connects without any issues.

Now, L2TP is enabled on the firewall and is configured with MSCHAPv2 as authentication protocol.

Also, the Windows VPN connection is using MSChapv2; it was added with this PowerShell command:

Add-VpnConnection -Name "company name" -ServerAddress "company.com" -Tunneltype "L2tp" -L2tpPsk "pre-shared-key" -AuthenticationMethod MSChapv2 -EncryptionLevel "Required" -Force

NPS server is also configured with MSChapv2:


Does anyone have a clue why I'm still getting an authentication error? Is there anything I should configure differently?

We are having issues with Teams and Navision over Global VPN Client; therefore, it would be great if we could authenticate users imported from LDAP so I do not have to create a new user for everyone using VPN in my company.


Answers

  • Saravanan Moderator

    Hi @JUNGLEWIZARD,

    Thank you for visiting SonicWall Community.

    Did you get a chance to check the settings on the client end as below? Please check the VPN adapter details and ensure the proper security setting is configured in it.

    Also, what does the SonicWall log say?


    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services
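
A scripted version of the client-side check requested in the reply above, as an added example that is not part of the original thread: it reads the Windows VPN profile with Get-VpnConnection and compares it against the values in the poster's Add-VpnConnection command. The function name Test-L2tpProfile is hypothetical, and "company name" is the placeholder profile name from that command.

```powershell
# Added example (not from the thread): audit a Windows VPN profile against the
# L2TP/PSK/MSChapv2 settings used in the Add-VpnConnection command in the question.
function Test-L2tpProfile {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [switch] $AllUserConnection   # set if the profile was created for all users
    )

    # Expected single-valued settings, taken from the command in the question.
    $expected = [ordered]@{
        TunnelType      = 'L2tp'
        EncryptionLevel = 'Required'
        L2tpIPsecAuth   = 'Psk'
    }

    # Stop on error so a missing or misspelled profile name is reported, not skipped.
    $conn = Get-VpnConnection -Name $Name -AllUserConnection:$AllUserConnection -ErrorAction Stop

    $findings = @(foreach ($key in $expected.Keys) {
        [pscustomobject]@{
            Setting  = $key
            Expected = $expected[$key]
            Actual   = [string]$conn.$key
            Match    = ([string]$conn.$key -eq $expected[$key])
        }
    })

    # AuthenticationMethod is a list. The profile should offer MSChapv2 only;
    # any extra entry (for example Pap or Chap) is reported as a mismatch.
    $methods = @($conn.AuthenticationMethod | ForEach-Object { [string]$_ })
    $findings += [pscustomobject]@{
        Setting  = 'AuthenticationMethod'
        Expected = 'MSChapv2'
        Actual   = ($methods -join ', ')
        Match    = ($methods.Count -eq 1 -and $methods[0] -eq 'MSChapv2')
    }

    $findings
}

# Usage on the client that fails to connect:
#   Test-L2tpProfile -Name 'company name' | Format-Table -AutoSize
```
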

  • junglewizard Newbie ✭

    Thank you @Saravanan

    My VPN adapter security settings are:

    Log from the firewall:


    I don't know why it is saying MS-CHAP in the log. It should be version 2, right?


    Another question: is it possible to enable EAP on the firewall? I have not seen an option for it.
