
SonicWall TZ 205 L2TP VPN cannot access any hosts

BrianFord asked
I have a SonicWall TZ205. When I connect using the GlobalVPN Connector on a Windows PC everything is fine and I can access the internal network hosts and websites.

But when I connect on my MAC using L2TP I can connect to the VPN but cannot browse any of the network servers or intranet pages etc. I just get a not found error

bbao, IT Consultant

L2TP needs other configurations, not for GlobalVPN clients. see the instruction below.

Configuring the L2TP Server in SonicOS



Your link isn't working for me.

I have followed the setup instructions located here: https://support.software.dell.com/kb/sw11409

but it still doesn't work.
bbao, IT Consultant

it's a bit strange that the given PDF link works well here. the PDF gives the instructions on how to configure L2TP on the SonicWALL as well as how to configure your Windows computer to access the L2TP server.

would you like to post your configuration in screenshots? you may mark the sensitive info such as IPs and credentials, if any.


Unfortunately when I try your link it just re-directs to http://www.sonicwall.com/us/en/

Would you be able to attach the PDF here?

Actually my problem is not with the Windows PCs, they work fine with the Global Client.

The problem is with Macs as there is no Global client from SonicWall for the Mac.

L2TP screenshots attached, I'm no expert on this so I've probably not shown you what you need :)
bbao, IT Consultant

it seems EE does not allow members to upload any files except images, hence i can't share it with you. anyway, try this one:


your screenshots against L2TP settings look fine for me but some more important settings are not posted such as L2TP Users, firewall rules and NAT policies against L2TP clients.

> But when I connect on my MAC using L2TP I can connect to the VPN

once connected, are you able to green status under VPN status? if so, both L2TP connection and users settings should be okay.

> but cannot browse any of the network servers or intranet pages etc

it seems you haven't allowed L2TP users to access intranet and the Internet at NAT Policy and Firewall sections. you should explicitly allow L2TP clients to access LAN and the Internet at the matrix of firewall rules.


Yes I get the green 'connected' status light.
bbao, IT Consultant

>> are you able to green status under VPN status?
> Yes I get the green 'connected' status

sorry i missed typing "see" but you did understand. :-)) no idea why i always miss typing something while answering from a mobile phone.

regarding your screenshot, what section is it from? can you also capture the column name as i can't determine the rule. FYI i don't have a SonicWALL device with me at the moment.


Sorry, I meant to add the col names, this is from the Firewall - Access Rules - Matrix and the col names in order are: Source, Destination, Service, Action, Users.

I also just uploaded a screenshot of the active L2TP connection (screen shot 6)
IT Consultant
which section of the firewall rules is it? e.g. LAN to WAN, VPN to WAN, or VPN to LAN...?

the L2TP connection screen looks good. does the given user belong to the groups who are eligible to access LAN and the Internet?

anyway, per the described symptom, it should be an issue in firewall rules or access permissions.


This was the VPN to LAN section, the user is a 'Local User' and has access to 'LAN Subnets'. The VPN setup has 'Split Tunnel' which I believe gives access to LAN and the outside world, correct?

I'm sure you are correct in where the issue lies but it's a little out of my expertise at this point, there are so many rules in there and I don't know which one I should be checking or how to simply create one with the correct parameters.

Thanks again for trying to help



The issue lay with the order of authentication in the client setup of the VPN, I needed to move PAP to the top of the list. I found this section in the help documentation:

Configuring L2TP to use LDAP for MacOS and iOS Connections

Some care must be taken when configuring devices running MacOS or Apple iOS (iPad/iPhone/iPod touch) for L2TP connections using either LDAP or RADIUS. This is because iOS devices accept the first supported authentication protocol that is proposed by the server. In SonicOS, the default authentication protocol order was changed in SonicOS beginning in releases and Here are the default authentication protocol orders:

• Prior to and CHAP, PAP, MS-CHAP, MS-CHAPv2.

• and and above: MS-CHAPv2, CHAP, MS-CHAP, PAP.

Note: Upgrades from previous firmware versions will retain the original ordering. The new ordering is set on new installations only.

This change in default authentication protocol order, combined with the iOS behavior of accepting the first supported authentication protocol will default to SonicOS and iOS devices using RADIUS authentication (because Active Directory does not support CHAP, MS-CHAP, or MS-CHAPv2).

To force L2TP connections from iOS devices to use LDAP instead of RADIUS, follow the steps outlined below.

1. Navigate to the VPN > L2TP Server page.

2. Click Configure.

3. Click on the PPP tab.

4. Ensure that PAP is moved to the top of the list.

5. Click OK
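An added example, not part of the original thread or of SonicWall's documentation: a simplified Python model of the behaviour the quoted help text describes, where the client accepts the first supported protocol in the server's order and only PAP can be checked against LDAP. The function names, the Apple client's protocol set and the backend mapping are assumptions made for illustration.

```python
"""Simplified model of PPP authentication ordering on an L2TP server.

Constructed example: the protocol names and the two default orders come
from the quoted documentation; everything else is an assumption.
"""

# Default orders as listed in the quoted help text.
OLD_DEFAULT = ["CHAP", "PAP", "MS-CHAP", "MS-CHAPv2"]
NEW_DEFAULT = ["MS-CHAPv2", "CHAP", "MS-CHAP", "PAP"]

# Assumption: an LDAP bind needs the cleartext password, so only PAP can be
# verified against LDAP; challenge-response protocols fall to RADIUS.
LDAP_CAPABLE = {"PAP"}

# Constructed sample: protocols an Apple L2TP client is assumed to support.
APPLE_CLIENT = {"PAP", "CHAP", "MS-CHAPv2"}


def negotiate(server_order, client_supported):
    """Return the first protocol in the server's order the client accepts."""
    for proto in server_order:
        if proto in client_supported:
            return proto
    return None  # no common protocol: authentication cannot proceed


def backend_for(proto):
    """Map the negotiated protocol to the backend able to verify it."""
    if proto is None:
        return None
    return "LDAP" if proto in LDAP_CAPABLE else "RADIUS"


def move_to_top(order, proto):
    """Equivalent of step 4: move one protocol to the top of the PPP list."""
    return [proto] + [p for p in order if p != proto]


def audit(server_order, client_supported, wanted_backend):
    """Report what would be negotiated and whether it reaches the wanted backend."""
    proto = negotiate(server_order, client_supported)
    backend = backend_for(proto)
    return {"protocol": proto, "backend": backend, "ok": backend == wanted_backend}


if __name__ == "__main__":
    for name, order in [("old default", OLD_DEFAULT),
                        ("new default", NEW_DEFAULT),
                        ("PAP on top", move_to_top(NEW_DEFAULT, "PAP"))]:
        print(name, audit(order, APPLE_CLIENT, "LDAP"))
```

PAP carries the password in cleartext at the PPP layer, so with PAP first its confidentiality depends entirely on the IPsec encryption wrapping the L2TP session.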


Pointed me in the right direction, thank you
bbao, IT Consultant

good on you and thanks for the points. :)


You are welcome