A Virtual Private Network (VPN) provides devices with a secure and encrypted tunnel to access internal resources such as email, files, and content. VPN profiles enable each device to function as if it were connected through the on-site network.

Depending on the connection type and authentication method, use look-up values to auto-fill user name info to streamline the login process.

Note: The VPN profile applies for both the Work Profile and Work Managed Device mode types.

Procedure

  1. Navigate to Resources > Profiles & Baselines > Profiles > Add > Add Profile > Android.
  2. Configure the General profile settings as appropriate.
  3. Select VPN to edit the profile.
  4. Configure VPN settings. The table below defines all settings that can be configured based on the VPN client.
    Setting Description
    Connection Type Choose the protocol used to facilitate VPN sessions.

    Each Connection Type requires the respective VPN Client to be installed on the device to deploy the VPN profile. These applications should be assigned to users and published as public apps.

    Connection Name

    Enter the assigned to the connection created by the profile.

    Server

    Enter the name or address of the used for VPN connections.

    Account Enter the user account for authenticating the connection.
    Always On VPN Enable to force all traffic from work apps to be tunneled through VPN.
    Set Active Enable to turn VPN on after the profile applies to the device.
    Per-App VPN Rules

    Enable Per App VPN which allows you to configure VPN traffic rules based on specific applications. This text box only displays for supported VPN vendors.

    Note: Wi-Fi Proxy Auto Configuration is not supported using Per-App VPN.
    Protocol Select the authentication protocol for the VPN. Available when Cisco AnyConnect is selected from the Connection Type.
    Username Enter the username. Available when Cisco AnyConnect is selected from the Connection Type.
    User Authentication Choose the method required to authenticate the VPN session.
    Password

    Provide the credentials required for end-user VPN access.

    Client Certificate Use the drop-down to select the client certificate. These are configured in the Credentials profiles.
    Certificate Revocation Enable to turn on certificate revocation.
    AnyConnect Profile Enter the AnyConnect profile name.
    FIPS Mode Enable to turn on FIPS Mode.
    Strict Mode Enable to turn on Strict Mode.
    Vendor Keys

    Create custom keys to go into the vendor config dictionary.

    Key Enter the specific key provided by the vendor.
    Value Enter the VPN value for each key.
    Identity Certificate Select the identity certificate to be used for the VPN connection. Available when Workspace ONE Tunnel is selected from the Connection Type.
  5. Select Save & Publish.