Configuring L2TP authentication protocols to use LDAP instead of RADIUS for iOS (iPad/iPhone/iPod t

Description

Configuring L2TP authentication protocols to use LDAP instead of RADIUS for iOS (iPad/iPhone/iPod touch) connections

Resolution

Overview:

iOS devices accept the first supported authentication protocol proposed by the server. The default preferred authentication protocol order in SonicOS prior to 5.8.0.8 and 5.8.1.1 is CHAP, PAP, MS-CHAP, and then MS-CHAPv2. In 5.8.0.8 and 5.8.1.1 the order was changed to MS-CHAPv2, CHAP, MS-CHAP, and then PAP. Combined with the iOS behavior of accepting the first supported protocol, either default order results in a protocol other than PAP being selected, which requires RADIUS authentication because Active Directory does not support CHAP, MS-CHAP, or MS-CHAPv2.

To force L2TP connections from iOS devices to use LDAP instead of RADIUS, follow the steps outlined below.


Procedure:

  1. Log into the SonicWall security appliance using your admin credentials.
  2. Navigate to VPN > L2TP Server. Click Configure.
  3. Click on the PPP tab. Ensure that "PAP" is moved to the top of the list. Click OK.


Notes:

  • Upgrades from previous firmware versions will retain the original ordering. The new ordering is set on new installations only.
  • Authentication protocols can also be changed for use with RADIUS.
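
One way to confirm the result of step 3, as an added example that is not SonicWall's code: the Python below decodes the Authentication-Protocol option from a PPP LCP Configure-Request and reports whether the server's proposal is PAP, the only protocol the overview pairs with LDAP. It assumes the raw LCP bytes are already available (for example from a decrypted capture or a PPP debug trace); the sample packets and function names are constructed for illustration.

```python
import struct

# PPP Authentication-Protocol numbers (LCP option 3, RFC 1661); CHAP
# algorithm bytes from RFC 1994 (MD5), RFC 2433 and RFC 2759 (MS-CHAP v1/v2).
PAP, CHAP = 0xC023, 0xC223
CHAP_ALGS = {0x05: "CHAP", 0x80: "MS-CHAP", 0x81: "MS-CHAPv2"}

# Constructed sample Configure-Requests: an MRU option, then the auth option.
SAMPLE_PAP = bytes.fromhex("0101000c010405780304c023")
SAMPLE_MSCHAPV2 = bytes.fromhex("0102000d010405780305c22381")


def proposed_auth(lcp: bytes) -> str:
    """Return the authentication protocol named in an LCP Configure-Request."""
    if len(lcp) < 4:
        raise ValueError("truncated LCP header")
    code, _ident, length = struct.unpack("!BBH", lcp[:4])
    if code != 1:
        raise ValueError("not a Configure-Request")
    if length < 4 or length > len(lcp):
        raise ValueError("bad LCP length field")
    pos = 4
    while pos + 2 <= length:
        opt_type, opt_len = lcp[pos], lcp[pos + 1]
        if opt_len < 2 or pos + opt_len > length:
            raise ValueError("malformed LCP option")
        data = lcp[pos + 2:pos + opt_len]
        if opt_type == 3:  # Authentication-Protocol
            if len(data) < 2:
                raise ValueError("short Authentication-Protocol option")
            proto = int.from_bytes(data[:2], "big")
            if proto == PAP:
                return "PAP"
            if proto == CHAP and len(data) >= 3:
                return CHAP_ALGS.get(data[2], "CHAP-unknown")
            return f"unknown-0x{proto:04x}"
        pos += opt_len
    return "none"  # the peer did not ask for authentication


def ldap_usable(lcp: bytes) -> bool:
    """Per the overview, only a PAP proposal can be served from LDAP."""
    return proposed_auth(lcp) == "PAP"


if __name__ == "__main__":
    for name, pkt in (("pap", SAMPLE_PAP), ("mschapv2", SAMPLE_MSCHAPV2)):
        print(name, proposed_auth(pkt), "LDAP ok" if ldap_usable(pkt) else "needs RADIUS")
```
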
