Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.

Overview

The recommended reads contain the steps to configure an L2TP VPN connection between Sophos Firewall and Microsoft Windows.

This applies to the following Sophos products and versions:

Sophos Firewall

Changing the default Authentication Mechanism to Pre-shared Key

1. Open Run.
2. Enter wf.msc and click OK.
3. Click Properties. 
4. Go to IPSec Settings tab > IPsec defaults > Click Customize.
5. Select Advanced under the Authentication method section and click Customize. 
6.  Select and remove the current method under the First authentication section.
7. Click Add in the same section.
8. In the Add First Authentication Method screen, select Preshared Key (not recommended) and enter the preshared key configured in Sophos. 
9. Click OK.
   
   Note: Ensure the IPSec Policy Agent, IKE, and AuthIP IPSec Keying Modules on the Windows computer run without error.

Creating the L2TP connection on the Windows computer

1. Open Run.
2. Enter the below command and click OK:
   
   control.exe /name Microsoft.NetworkAndSharingCenter
    
3. Click Setup a new connection or network
4. Click Connect to a Workplace.
5. Enter the details.
6. Click Create.

Configuring the authentication mechanism of the L2TP connection

1. Open the properties of the newly created L2TP connection and go to the Security tab. 
2. Click Advanced Settings.
3. Select Use preshared key for authentication under the L2TP tab and specify the key configured in the Sophos Firewall.
4. Click OK.
5. Select the network symbol on the System Tray and right-click the previously created connection.
6. Enter the credentials of the L2TP user.

The configuration establishes an L2TP connection between Sophos and a Windows computer.

Related information

• Sophos Firewall: View the VPN logs from the command-line interface
• Sophos Firewall: Create an L2TP remote access connection