IKEv2 (Windows)
This VPN connection type is supported on Windows devices. It is not supported on Android, iOS, and macOS devices.
| NOTE: | For Windows 10 devices, please add the configuration and value for auto proxy in the Custom Data Grid. Please note that the Automatic proxy is not supported in Windows 8.1. |
- Windows devices do not support pushing $USERID$ and $PASSWORD$ to the device in VPN settings. The device user must enter user name and password to connect to VPN.
- For certificate authentication, Windows devices only support identity certificates using SCEP reverse proxy.
Use the following guidelines to configure a IKEv2 (Windows) VPN.
Within these selections, you may make settings for:
Proxy - None (default)
Use the following guidelines to configure a IKEv2 (Windows) VPN connection without a proxy.
|
Item |
Description |
|||||||||
|
Name |
Enter a short phrase that identifies this VPN setting. |
|||||||||
|
Description |
Provide a description that clarifies the purpose of these settings. |
|||||||||
|
Channel |
For macOS only. Select one of the following distribution options:
|
|||||||||
|
Connection Type |
Select IKEv2 (Windows). |
|||||||||
|
Server |
Enter the IP address, hostname, or URL for the VPN server. |
|||||||||
|
Proxy |
None is the default setting. To configure a Manual or Automatic proxy, go to Proxy - Manual or Proxy - Automatic.
|
|||||||||
|
Proxy Server |
Select Manual proxy to see this option. Enter the name for the proxy server. |
|||||||||
|
Username |
Specify the user name to use (required.) The default value is $USERID$. Use this field to specify an alternate format, such as: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following:
Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username.
|
|||||||||
|
User Authentication |
Select the user authentication to use:
|
|||||||||
|
Password |
Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password. |
|||||||||
|
Send All Traffic |
Select to send all traffic from the Windows device through the VPN gateway. When Send All Traffic is checked, all traffic is sent through the VPN gateway with the exception of traffic from the resources you enter in this table. When Send All Traffic is unchecked, only traffic from the resources you enter in this table is sent through the VPN gateway. |
Continue to Windows Configuration.
Continue to Custom Data.
Proxy - Manual
Use the following guidelines to configure a IKEv2 (Windows) VPN connection with a manual proxy.
|
Item |
Description |
|||||||||
|
Name |
Enter a short phrase that identifies this VPN setting. |
|||||||||
|
Description |
Provide a description that clarifies the purpose of these settings. |
|||||||||
|
Channel |
For macOS only. Select one of the following distribution options:
|
|||||||||
|
Connection Type |
Select IKEv2 (Windows). |
|||||||||
|
Server |
Enter the IP address, hostname, or URL for the VPN server. |
|||||||||
|
Proxy |
Select Manual. To configure an Automatic proxy, go to Proxy - Automatic.
|
|||||||||
|
Proxy Server |
Select Manual proxy to see this option. Enter the name for the proxy server. |
|||||||||
|
Proxy Server Port |
Select Manual proxy to see this option. Enter the port for the proxy server. |
|||||||||
|
Type |
Select Manual proxy to see this option. Select Static or Variable. |
|||||||||
|
Proxy Server User Name |
Select Manual proxy to see this option. If the type is Static, enter the username for the proxy server If the type is Variable, the default variable selected is $USERID$.
|
|||||||||
|
Proxy Server Password |
Select Manual proxy to see this option. If the type is Static, enter the password for the proxy server If the type is Variable, the default variable selected is $PASSWORD$.
|
|||||||||
|
Username |
Specify the user name to use (required.) The default value is $USERID$. Use this field to specify an alternate format, such as: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following:
Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username.
|
|||||||||
|
User Authentication |
Select the user authentication to use:
|
|||||||||
|
Password |
Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password. |
|||||||||
|
Send All Traffic |
Select to send all traffic from the Windows device through the VPN gateway. When Send All Traffic is checked, all traffic is sent through the VPN gateway with the exception of traffic from the resources you enter in this table. When Send All Traffic is unchecked, only traffic from the resources you enter in this table is sent through the VPN gateway. |
Continue to Windows Configuration.
Continue to Custom Data.
Proxy - Automatic
Use the following guidelines to configure a IKEv2 (Windows) VPN connection with an automatic proxy.
| NOTE: | For Windows 10 devices, please add the configuration and value for auto proxy in the Custom Data Grid. Please note that the Automatic proxy is not supported in Windows 8.1. |
|
Item |
Description |
|||||||||
|
Name |
Enter a short phrase that identifies this VPN setting. |
|||||||||
|
Description |
Provide a description that clarifies the purpose of these settings. |
|||||||||
|
Channel |
For macOS only. Select one of the following distribution options:
|
|||||||||
|
Connection Type |
Select IKEv2 (Windows). |
|||||||||
|
Server |
Enter the IP address, hostname, or URL for the VPN server. |
|||||||||
|
Proxy |
Select Automatic. To configure an Manual proxy, go to Proxy - Manual .
|
|||||||||
|
Proxy Server URL |
Select Automatic proxy to see this option. Enter the URL for the proxy server. |
|||||||||
|
Username |
Specify the user name to use (required.) The default value is $USERID$. Use this field to specify an alternate format, such as: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following:
Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username.
|
|||||||||
|
User Authentication |
Select the user authentication to use:
|
|||||||||
|
Password |
Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password. |
|||||||||
|
Send All Traffic |
Select to send all traffic from the Windows device through the VPN gateway. When Send All Traffic is checked, all traffic is sent through the VPN gateway with the exception of traffic from the resources you enter in this table. When Send All Traffic is unchecked, only traffic from the resources you enter in this table is sent through the VPN gateway. |
Continue to Windows Configuration.
Continue to Custom Data.
Windows Configuration
Allowed Secured Resources (Windows Phone only)
Excluded Secured Resources (Windows Phone only)
See Application-triggered VPN for Windows devices for information on how to configure these settings to set up application-triggered VPN for 8.0.1 devices.
|
Item |
Description |
|
Windows Configuration |
Enter the secured resources (domains, IP ranges, or apps) used by the Send All Traffic option. |
|
Always On |
Select this option to keep the VPN on. Lock Down supersedes this option for Windows devices. |
|
Lock Down |
You cannot change the assigned settings unless 1) the Lock Down setting is removed from the profile and the new profile is pushed to the device or 2) the device is un-enrolled from Core. This option supersedes the Always On option. |
Custom Data
- Add+ - Click to add a new key / value pair.
- Key / Value - Enter the Key / value pairs necessary to configure the VPN setting. The app creator should provide the necessary key / value pairs.