When any windows client tries to connect to the SonicWall using built-in windows VPN feature (L2TP), sometimes SonicWall drops the L2TP packets on destination port UDP 1701 with a module ID and drop code. The drop code changes according to the firmware versions and is about "Packet dropped - fails to handle L2TP pkt".
Below error messages would appear on the client machine.
By default, the windows VPN uses certificate for authentication. In SonicWall, pre shared secret could be configured for L2TP authentication. SonicWall is also not configured to use certificate for authentication. When the L2TP traffic from client hits SonicWall, Security Association (SA) would not include certificate information and more over in the windows client VPN connection setup is configured (by default) to use certificate for authentication but the appropriate certificate is not installed on the client.
Step 1: In the client machine, go to the L2TP VPN Connection Properties window. Step 2: Switch to Securitytab and ensure Type of VPN is set to "Layer 2 Tunneling Protocol with IPsec (L2TP/IPsec)". Step 3: Click on Advanced Settings.
Step 4: In the Advanced Properties window, select the option "Use pre shared key for authentication" and specify the pre shared key value in Key field which is configured on SonicWall WAN Group VPN.
Step 5: Click OK.
After clicking OK and when attempted to look at the pre shared secret value, the Key field should look alike the below screenshot.
How to Test:
Initiate the VPN connection and this time the connection should be successful with below screenshot shown VPN connection states.