Virtual private networks (VPNs) provide devices with a secure and encrypted tunnel to access internal resources. VPN profiles enable each device to function as if it were connected through an on-site network. Configuring a VPN profile ensures that end users have seamless access to email, files, and content.
To create a base VPN profile:
Navigate to Apple iOS.. Select
Configure the profile's General settings.
Select the VPN payload.
Configure Connection information, including:
The settings that you see may vary depending on the Connection Type you choose. If you are using Forcepoint or Blue Coat for content filtering, see Creating a Forcepoint Content Filter Profile and Creating a Blue Coat Content Filter Profile.
Enter the name of the connection to be displayed on the device.
Use the drop-down menu to select the network connection method.
Enter the hostname or IP address of the server for connection.
Enter the name of the VPN account.
Send All Traffic
Select to force all traffic through the specified network.
Disconnect on Idle
Allow the VPN to auto-disconnect after a specific amount of time. Support for this value depends on the VPN provider.
Per App VPN Rules
Select to enable Per App VPN. For more information, see Configuring Per-App VPN for iOS Devices.
Select to allow the VPN to connect automatically to chosen Safari Domains. This option appears when Per App VPN is selected.
Select the provider type either AppProxy, or Packet Tunnel, or None.
Choose the method to authenticate to end users. Follow the related prompts to upload an Identity Certificate, or enter a Password information, or the Shared Secret key to be provided to authorize end users for VPN access.
Enable VPN On Demand
Enable VPN On Demand to use certificates to establish VPN connections automatically using the Configuring VPN On Demand for iOS Devices section in this guide.
Select either Manual or Auto proxy type to configure with this VPN connection.
Enter the URL of the proxy server.
Enter the port used to communicate with the proxy
Enter the user name to connect to the proxy server.
Enter the password for authentication.
Select to create custom keys to go into the vendor config dictionary.
Enter the specific key provided by the vendor.
Enter the VPN value for each key.Note:
If you have choosen IKEv2 as the type, you are eligible to enter the minimum and the maximum TLS version for VPN connection. Provided that you enable the Enable EAP check box before you enter the TLS version.
Select Save & Publish. End users now have access to permitted sites.