On-Demand VPN Explained
(This article originally appeared in the blog iOS4Business, by Mathieu Bernier.)
For Apple, VPN On-Demand is the Holy Grail. When you ask an Apple representative for a VPN solution, what you get in return is VPN On-Demand. So let's discover what's behind that door with a short procedure using iPhone Configuration Utility.
(I won't cover the configuration of the VPN gateway in this article. You need to make sure that your VPN gateway is properly configured to accept certificate-authenticated connections.)
I. The Concept
The first thing you need to know about VPN On-Demand (VPoD) is that it's a very simple concept:
- It allows administrators to define a host domain realm behind which all hosts must be accessed via a VPN connection.
- Whenever an application tries to access one of the servers behind that realm, the iOS device automatically starts the VPN tunnel.
That’s VPN "On-Demand".
II. Requirements
To make VPN On-Demand work properly, you need:
- A compatible VPN gateway (Cisco, or any Cisco IPSec compatible third-party gateway, F5 SSL, JunOS Pulse, etc.)
- An enterprise Certificate Authority
- The Authority's CA certificate
- A personal certificate issued by the Certificate Authority
III. Certificates
The first thing you need to do is import the CA certificate and your personal certificate into the iOS configuration profile.
It’s fairly easy to do that.
- Open the iPhone Configuration Utility on your desktop
- Go to "Certificates"
- Click on "Configure"
- You need to get your personal certificate and (if you use a company-wide Certificate Authority) the CA certificate of your authority. First, import your personal certificate. Enter the password of your choice (remember it!) and click OK.
- Do the same for the CA Certificate. It should not ask you for a password this time.
- Now you have imported both certificates in your profile.
IV. "On-Demand" Configuration
A few settings are required to configure the VPN On-Demand in the profile.
- Go to VPN
- Enter the VPN gateway and authentication settings.
- Choose _Certificate_ as the authentication method for the device. Then select the personal certificate you imported earlier.
- Enable the _VPN On-Demand_ option and add a new realm to the list.
In this example we created a realm "*.intranet.mycompany.com" with an action set to "Always establish". So now, any application trying to access a server behind "intranet.mycompany.com" will automatically set up a VPN tunnel to access it.
Upload the profile to your device, and you are ready.
It's as simple as it looks.
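Before a profile goes out to devices, it is worth checking that it really contains what sections III and IV set up. The following is an added example, not part of the original article: a Python check over an exported profile, using key names from Apple's configuration-profile VPN payload (IPSec dictionary). The UUIDs and gateway hostname are constructed placeholders, and storing the realm string exactly as typed in the article is an assumption.

```python
import plistlib

# Constructed sample profile (placeholder UUIDs and gateway), mirroring the article's settings.
# Assumption: the realm is stored exactly as typed in the article.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.security.root", "PayloadUUID": "CA-UUID-PLACEHOLDER"},
        {"PayloadType": "com.apple.security.pkcs12", "PayloadUUID": "ID-UUID-PLACEHOLDER"},
        {"PayloadType": "com.apple.vpn.managed", "VPNType": "IPSec",
         "IPSec": {"RemoteAddress": "vpn.example.invalid",
                   "AuthenticationMethod": "Certificate",
                   "PayloadCertificateUUID": "ID-UUID-PLACEHOLDER",
                   "OnDemandEnabled": 1,
                   "OnDemandMatchDomainsAlways": ["*.intranet.mycompany.com"]}},
    ],
})

def audit_profile(data):
    """Return (findings, always_domains) for the IPSec VPN payloads in a profile."""
    payloads = plistlib.loads(data).get("PayloadContent", [])
    by_type = {}
    for p in payloads:
        by_type.setdefault(p.get("PayloadType"), []).append(p)
    # UUIDs of the personal (PKCS#12) identities bundled in this profile.
    identities = {p.get("PayloadUUID") for p in by_type.get("com.apple.security.pkcs12", [])}
    findings, domains = [], []
    if not by_type.get("com.apple.security.root"):
        findings.append("no CA certificate payload in profile")
    for vpn in by_type.get("com.apple.vpn.managed", []):
        ipsec = vpn.get("IPSec", {})
        if ipsec.get("AuthenticationMethod") != "Certificate":
            findings.append("VPN does not use certificate authentication")
        if ipsec.get("PayloadCertificateUUID") not in identities:
            findings.append("VPN references an identity not bundled in the profile")
        if ipsec.get("OnDemandEnabled") != 1:
            findings.append("VPN On-Demand is not enabled")
        # Realms configured with the "Always establish" action.
        domains += ipsec.get("OnDemandMatchDomainsAlways", [])
    return findings, domains

if __name__ == "__main__":
    findings, domains = audit_profile(SAMPLE)
    print("findings:", findings or "none")
    print("always-establish realms:", domains)
```

To check a real export, read the unsigned `.mobileconfig` file as bytes and pass it to `audit_profile`; a signed profile must have its signature wrapper removed first.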