Virtual private networks (VPNs) provide devices with a secure and encrypted tunnel to access internal resources. VPN profiles enable each device to function as if it were connected through an on-site network. Configuring a VPN profile ensures that end users have seamless access to email, files, and content.

To create a base VPN profile:

  1. Navigate to Devices > Profiles & Resources > Profiles > Add. Select Apple iOS .
  2. Configure the profile's General settings.

    These settings determine how the profile deploys and who receives it. For more information on General settings, see Add General Profile Settings.

  3. Select the VPN payload.

  4. Configure Connection information, including: 

    The settings that you see may vary depending on the Connection Type you choose. If you are using Forcepoint or Blue Coat for content filtering, see Creating a Forcepoint Content Filter Profile and Creating a Blue Coat Content Filter Profile.

    Settings Description
    Connection Name Enter the name of the connection to be displayed on the device.
    Connection Type Use the drop-down menu to select the network connection method.
    Server Enter the hostname or IP address of the server for connection.
    Account Enter the name of the VPN account.
    Send All Traffic Select to force all traffic through the specified network.
    Disconnect on Idle Allow the VPN to auto-disconnect after a specific amount of time. Support for this value depends on the VPN provider.
    Per App VPN Rules Select to enable Per App VPN. For more information, see Configuring Per-App VPN for iOS Devices.
    Connect Automatically Select to allow the VPN to connect automatically to chosen Safari Domains. This option appears when Per App VPN is selected.
    Provider Type Select the provider type either AppProxy, or Packet Tunnel, or None.
    Authentication Choose the method to authenticate to end users. Follow the related prompts to upload an Identity Certificate, or enter a Password information, or the Shared Secret key to be provided to authorize end users for VPN access.
    Enable VPN On Demand Enable VPN On Demand to use certificates to establish VPN connections automatically using the Configuring VPN On Demand for iOS Devices section in this guide.

    Select either Manual or Auto proxy type to configure with this VPN connection.

    Server Enter the URL of the proxy server.
    Port Enter the port used to communicate with the proxy
    Username Enter the user name to connect to the proxy server.
    Password Enter the password for authentication.
    Vendor Configurations
    Vendor Keys

    Select to create custom keys to go into the vendor config dictionary.

    Key Enter the specific key provided by the vendor.
    Value Enter the VPN value for each key.

    If you have choosen IKEv2 as the connection type, you are eligible to enter the minimum and the maximum TLS version for VPN connection. Provided that you enable the Enable EAP check box before you enter the TLS version.

  5. Select Save & Publish. End users now have access to permitted sites.