- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Setup Android L2TP VPN
10/14/2021 
34 People found this article helpful
111,940 Views
Description
This article explains how to configure a L2TP VPN in order to connect from Android Devices.
Deployment Steps:
- Configure VPN settings
- Configure L2TP Server
- Configure a Sonicwall User
- Then last configure the device.
Resolution
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
WanGroupVPN settings
- Go to Manage | VPN | Base Settings page, make sure the “Enable VPN” box in the top left corner of the page is checked.
Under the VPN Polices section, click the edit button on the WAN GroupVPN line as shown below
- Select IKE using Preshared Secret and enter the Shared Secret as shown below as an example:
| Authentication Method: "IKE using Preshared Secret" Name: WAN GroupVPN Shared Secret: type a passphrase (you will enter this is into the Droid later) |
- Go to the Proposals Tab
NOTE: To successfully establish a VPN tunnel the L2TP (VPN) client and the Remote VPN device must agree upon the same set of Proposals/Transform Payloads (differs from client to client), please refer the following article for complete details: List of IPSec and L2TP client proposals
 | IKE (Phase 1) Proposal DH Group = Group 2 IPSec (Phase 2) Proposal Protocol = ESP Authentication = SHA1 |
- Go to Advanced tab and select Accept Multiple proposals for Clients
 | Enable Windows Networking (NetBIOS) Broadcast = checked Require authentication of VPN clients by XAUTH = Checked |
- Go to the Client tab
 | Cache XAUTH User Name and Password on Client: Single Session or Always |
L2TP Server Settings
- Go to Manage | VPN | L2TP Server page Enable L2TP Server and click on the Button "Configure".
Keep alive time (Sec): 60
DNS Server 1: your DNS Server
DNS Server 2: your secondary DNS Server
WINS Server 1: if you have one
WINS Server 2:
IP Address Settings
Select L2TP Users | "Use the Local L2TP IP pool" and configure your Start IP Lease and End IP Lease range. The Sonicwall will auto-create an address object and rules for this range. It can be a separate IP range. In the shown example is IP Start 192.168.60.67 with an end range of 192.168.60.70. At the bottom of the page, select "Trusted Users" from the Dropdown menu next to “User group for L2TP users”. This is the same group you select on the Advance tab in the WAN GroupVPN settings.
- Go to Manage | Users | Local Users & Groups page and click the Add User button.
Make the user part of the Group "Trusted Users" on the Groups tab.
In the VPN Access list – as a minimum add these networks: LAN Subnets/LAN Primary Subnet and L2TP IP Pool.
Android Settings
Configure the Android: Go the settings | More connection settings
 |  |
 |  |
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
- On the VPN | Settings page, make sure the Enable VPN box in the top left corner of the page is checked.
Under the VPN Polices section, click the edit button on the WAN GroupVPN line.
| Authentication Method: "IKE using Preshared Secret" Name: WAN GroupVPN Shared Secret: type a passphrase (you will enter this is into the Droid later) |
Second Tab "Proposals"
NOTE: To successfully establish a VPN tunnel the L2TP (VPN) client and the Remote VPN device must agree upon the same set of Proposals/Transform Payloads (differs from client to client), please refer the following article for complete details: List of IPSec and L2TP client proposals
 | IKE (Phase 1) Proposal DH Group = Group 2 IPSec (Phase 2) Proposal Protocol = ESP Authentication = SHA1 |
"Advanced" tab | Enable Windows Networking (NetBIOS) Broadcast = checked Require authentication of VPN clients by XAUTH = Checked |
"Client" tab
 | Cache XAUTH User Name and Password on Client: Single Session or Always |
L2TP Server Settings
- Go to the VPN | L2TP Server page and click on the button "Configure".
Keep alive time (Sec): 60
DNS Server 1: your DNS Server
DNS Server 2: your secondary DNS Server
WINS Server 1: if you have one
WINS Server 2:
IP Address Settings
Select "Use the Local L2TP IP pool" and configure your Start IP Lease and End IP Lease range. The Sonicwall will auto-create an address object and rules for this range. It can be a separate IP range.
In the shown example is IP Start 192.168.60.67 with an end range of 192.168.60.70. At the bottom of the page, select "Trusted Users" from the Dropdown menu next to “User group for L2TP users”. NOTE: This is the same group you select on the Advanced tab in the WAN GroupVPN settings. 
- Go to the Users | Local Users page and click the Add User button. Make the user part of the Group "Trusted Users".
In the VPN Access list – as a minimum add these networks: LAN Subnets/LAN Primary Subnet and L2TP IP Pool.
 |  |
Android Settings
Configure the Android. Go the setting APP page and select the Settings icon.
 |  |
 |  |
Related Articles
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO