E C asked:

SonicWall Pro 2040, Windows 7 and L2TP with AES

I have a SonicWall Pro 2040.
The VPN is configured to use L2TP with 3DES encryption.

Using Windows 7's built-in VPN support, I created a connection and it works fine.

However, I also have Mac users who need to connect remotely. Apparently Apple no longer supports 3DES in their latest OS (10.7 Lion). I was told the VPN software built into Lion only supports AES encryption.

So, I logged into my Pro 2040 and changed the encryption from 3DES to AES-256 and sure enough, it works! My Mac users can now connect.

Well ... now my Windows 7 users CANNOT connect!
The VPN settings on Windows 7 are pretty basic. There's no place to specify the encryption type to match the VPN Server. I probably tried every possible combination of settings but I cannot get it to connect to my Pro 2040.

If I set the VPN Server from AES-256 back to 3DES, my Windows 7 users can connect right away but as you can probably guess, now my Mac users CANNOT connect.

Note: I tried using AES-128 instead of 256 to see if that would work; it did not.

I read somewhere online that Windows 7 supports AES (I would expect it to), but I cannot get it to work.

So it appears that:
- Windows 7 supports 3DES but not AES.
- Mac OS X 10.7 supports AES but not 3DES.

(One more thing I wanted to mention ... on the Mac side, there is a third-party VPN software client called Equinux VPN Tracker. I tried it out and it works beautifully. In other words, I can set my VPN back to 3DES and that makes my PCs happy. And using Equinux (instead of the Mac's built-in VPN client), the Macs are happy. But that software is too expensive.)
Carl Dula

E C (ASKER)

Hello carlmd,
Thanks for that link. But, while it mentions AES is supported in Windows 7, I still cannot connect unless I change my firewall from AES to 3DES.
ASKER CERTIFIED SOLUTION
Carl Dula
E C (ASKER)

Hello Carl,
It appears that I can create another VPN policy, but I must admit I did not try it. Instead, I ended up reverting the VPN back to 3DES (to make the Windows users happy), and purchased Equinux VPNTracker (VPN Client software) for the Mac Users. Turns out I only had to purchase one Pro version. The Pro version can export a configuration file. Then I purchased 4 'Player' licenses, installed on each Mac, imported the config file and now they also connect just fine (also using 3DES).

Seems the VPN Client that is built into each OS (Windows and Mac) is flaky ... at least with my old SonicWall.

Thanks for your help!