NSA 2400 - Cannot successfully authenticate against Active Directory over L2TP VPN

junglewizard · March 2021

Dear Sonicwall Community,

I am trying to connect with L2TP VPN using windows VPN-client but I get this error when I logon with a user imported from LDAP;

"The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the administrator of the RAS server and notify them if this error."

However, if I use an user that is not imported from LDAP, it is connecting without any issues.

Now, L2TP is enabled on the firewall and is configured with MSCHAPv2 as authentication protocol.

Also, windows VPN connection is using MSChapv2, it was added with this powershell command:

Add-VpnConnection -Name "company name" -ServerAddress "company.com" -Tunneltype "L2tp" -L2tpPsk "pre-shared-key" -AuthenticationMethod MSChapv2 -EncryptionLevel "Required" -Force

NPS server is also configured with MSChapv2:

Does anyone have a clue why I'm still getting an authentication error? Is there anything I should configure differently?

We are having issues with teams and navision over Global VPN Client, therefore it would be great if we could authenticate users imported from LDAP so I do not have to create a new user for everyone using VPN in my company.

Saravanan · March 2021

Hi @JUNGLEWIZARD,

Thank you for visiting SonicWall Community.

Did you get chance to check the setting on the client end as below? Please check the VPN adapter details and ensure proper security setting is configured in it.

Also, what does the SonicWall log say?