Configuring VPN on iOS MDM devices

To connect an iOS MDM device to a virtual private network (VPN) and protect data during the connection to the VPN, configure the VPN connection settings. The IKEv2 and IPSec VPN protocols also let you set up a VPN connection for selected website domains in Safari.

To configure the VPN connection on a user's iOS MDM device:

  1. In the console tree, in the Managed devices folder, select the administration group to which the iOS MDM devices belong.
  2. In the workspace of the group, select the Policies tab.
  3. Open the policy properties window by double-clicking any column.

    Complete the following steps within 15 minutes. Otherwise, you may face an error when saving changes to the policy.

  4. In the policy Properties window, select the VPN section.
  5. Click the Add button in the VPN networks section.

    This opens the VPN network window.

  6. In the Network name field, enter the name of the VPN tunnel.
  7. In the Connection type drop-down list, select the type of VPN connection:
    • L2TP (Layer 2 Tunneling Protocol). The connection supports authentication of the iOS MDM device user using MS-CHAP v2 passwords, two-factor authentication, and automatic authentication using a public key.
    • PPTP (Point-to-Point Tunneling Protocol). The connection supports authentication of the iOS MDM device user using MS-CHAP v2 passwords and two-factor authentication.

      The PPTP connection is no longer supported.

    • IKEv2 (Internet Key Exchange version 2). The connection establishes the Security Association (SA) attribute between two network entities and supports authentication using EAP (Extensible Authentication Protocol), shared secrets, and certificates.
    • IPSec (Cisco). The connection supports password-based user authentication, two-factor authentication, and automatic authentication using a public key and certificates.
    • Cisco AnyConnect. The connection supports the Cisco Adaptive Security Appliance (ASA) firewall of version 8.0(3).1 or later. To configure the VPN connection, install the Cisco AnyConnect app from the App Store on the iOS MDM device.
    • Juniper SSL. The connection supports the Juniper Networks SSL VPN gateway, Series SA, of version 6.4 or later with the Juniper Networks IVE package of version 7.0 or later. To configure the VPN connection, install the JUNOS app from the App Store on the iOS MDM device.
    • F5 SSL. The connection supports F5 BIG-IP Edge Gateway, Access Policy Manager, and Fire SSL VPN solutions. To configure the VPN connection, install the F5 BIG-IP Edge Client app from the App Store on the iOS MDM device.
    • SonicWALL Mobile Connect. The connection supports SonicWALL Aventail E-Class Secure Remote Access devices of version 10.5.4 or later, SonicWALL SRA devices of version 5.5 or later, as well as SonicWALL Next-Generation Firewall devices, including TZ, NSA, E-Class NSA with SonicOS of version 5.8.1.0 or later. To configure the VPN connection, install the SonicWALL Mobile Connect app from the App Store on the iOS MDM device.
    • Aruba VIA. The connection supports Aruba Networks mobile access controllers. To configure them, install the Aruba Networks VIA app from the App Store on the iOS MDM device.
    • Custom SSL. The connection supports authentication of the iOS MDM device user using passwords and certificates and two-factor authentication.
  8. In the Server address field, enter the network name or IP address of the VPN server.
  9. In the Account name field, enter the account name for authorization on the VPN server. You can use macros from the Macros available drop-down list.
  10. Configure the security settings for the VPN connection according to the selected type of virtual private network. For information about these settings, refer to the context help of the administration plug-in.
  11. For IKEv2 and IPSec connections, if necessary, set up Per App VPN functionality for supported system apps (Email, Calendar, Safari, and Contacts). For details, refer to the Configuring Per App VPN on iOS MDM devices section or the context help of the administration plug-in.
  12. If necessary, configure the settings of the VPN connection via a proxy server:
    1. Select the Proxy server settings tab.
    2. Select the proxy server configuration mode and specify the connection settings.
    3. Click OK.

    As a result, the settings of the device connection to a VPN via a proxy server are configured on the iOS MDM device.

  13. Click OK.

    The new VPN is displayed in the list.

  14. Click the Apply button to save the changes you have made.

As a result, a VPN connection will be configured on the user's iOS MDM device once the policy is applied.
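
To check what a policy actually delivered, the VPN payloads of the resulting configuration profile can be audited for the connection type, server address and account name set in steps 6 to 9. The Python sketch below is an added example, not part of the product documentation: it assumes the settings reach the device as a standard Apple configuration profile with `com.apple.vpn.managed` payloads, and that the Network name, Server address and Account name fields map to the Apple keys shown. The sample profile is constructed.

```python
import plistlib

# Assumed mapping: for each Apple VPNType value, the sub-dictionary and the keys
# that hold the server address and the account name.
FIELDS = {
    "L2TP": ("PPP", "CommServerAddress", "AuthName"),
    "PPTP": ("PPP", "CommServerAddress", "AuthName"),
    "IPSec": ("IPSec", "RemoteAddress", "XAuthName"),
    "IKEv2": ("IKEv2", "RemoteAddress", "AuthName"),
    "VPN": ("VPN", "RemoteAddress", "AuthName"),  # app-based SSL VPN types
}

def audit_vpn_payloads(profile_bytes):
    """Return one finding dict per VPN payload in a configuration profile."""
    findings = []
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.vpn.managed":
            continue  # skip Wi-Fi, mail and other non-VPN payloads
        vpn_type = payload.get("VPNType", "")
        section, addr_key, user_key = FIELDS.get(vpn_type, (None, None, None))
        settings = payload.get(section, {}) if section else {}
        issues = []
        if vpn_type == "PPTP":
            issues.append("PPTP is no longer supported")
        elif section is None:
            issues.append("unrecognised connection type")
        if not settings.get(addr_key):
            issues.append("server address missing")
        findings.append({"name": payload.get("UserDefinedName"), "type": vpn_type,
                         "server": settings.get(addr_key),
                         "account": settings.get(user_key), "issues": issues})
    return findings

# Constructed sample profile: one non-VPN payload and two VPN payloads.
SAMPLE_PROFILE = plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [
    {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "office"},
    {"PayloadType": "com.apple.vpn.managed", "UserDefinedName": "Corp IKEv2",
     "VPNType": "IKEv2",
     "IKEv2": {"RemoteAddress": "vpn.example.com", "AuthName": "alice"}},
    {"PayloadType": "com.apple.vpn.managed", "UserDefinedName": "Legacy PPTP",
     "VPNType": "PPTP",
     "PPP": {"CommServerAddress": "10.0.0.5", "AuthName": "alice"}},
]})

if __name__ == "__main__":
    for finding in audit_vpn_payloads(SAMPLE_PROFILE):
        print(finding)
```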
