After configuring the certificate authority and certificate template settings in AirWatch, deploy an Identity Certificate and IPSec VPN settings to be automatically configured on all of your devices.

  1. Navigate to Devices > Profiles > List View.

  2. Select Add.
  3. Select the applicable device platform to launch the Add a New Profile screen.
  4. Configure the General settings for the profile. The General settings determine how the profile is deployed and who receives it as well as other overall settings.

  5. Select Credentials from the profile options at left and then select Configure.
  6. Select Define Certificate Authority from the Credential Source drop-down menu.
  7. Select the Certificate Authority you created previously from the Certificate Authority drop-down menu.
  8. Select the Certificate Template you created previously from the Certificate Template drop-down menu.

  9. Select VPN from the profile options at left.
  10. Select Configure.

    You must configure the Credentials payload settings before the VPN payload settings.

  11. Configure the VPN settings.
    • Enter in the Connection Name field a descriptive name that identifies the VPN connection on the device.
    • Select IPSec (Cisco) from the Connection Type drop-down menu.
    • Enter the VPN Endpoint URL or VPN Server in the Server field. This is the URL that users connect to in order to establish their VPN connection.
    • If your VPN has been configured to leverage user credentials in addition to a certificate for authentication, then enter in the Account field the User Account to pass to the VPN endpoint. To pass AirWatch User Account names to the VPN endpoint, leverage the {enrollmentUser} lookup value.
    • Select Certificate as the type of Machine Authentication.
    • Select the Identity Certificate credentials that you created previously.
    • Verify the Include User PIN and Enable VPN On Demand checkboxes are not checked.

  12. Select Save or Save & Publish to publish this profile to a device.