L2TP

This VPN connection type is supported on iOS, macOS, and Windows devices. It is not supported on Android devices.

This section covers how to configure L2TP VPN.

Proxy - None (default)
Proxy - Manual
Proxy - Automatic

Proxy - None (default)

Use the following guidelines to configure a L2TP VPN without a proxy.

**Table 75.** Proxy - None settings
Item	Description
Name	Enter a short phrase that identifies this VPN setting.
Description	Provide a description that clarifies the purpose of these settings.
Channel	For macOS only. Select one of the following distribution options: •Device channel - the configuration is effective for all users on a device. This is the typical option. •User channel - the configuration is effective only for the currently registered user on a device.
Connection Type	Select L2TP.
Server	Enter the IP address, hostname, or URL for the VPN server.
Proxy	None is the default setting. To configure a Manual or Automatic proxy, go to Proxy - Manual or Proxy - Automatic.
Shared Secret	The shared secret passcode. This is not the user’s password; the shared secret must be specified to initiate a connection.
Confirm Shared Secret	Re-enter the shared secret to confirm.
Send all Traffic	Selecting this option protects data from being compromised, particularly on public networks.
Username	Specify the user name to use. The default value is $USERID$. Use this field to specify an alternate format, such as: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following: •$USERID$:$EMAIL$ •$USERID$_$EMAIL$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username. Some enterprises have a strong preference concerning which identifier is exposed.
User Authentication	Select the authentication method to use: Password or RSA SecureID.
Password	Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.

Proxy - Manual

Use the following guidelines to configure a L2TP VPN with a manual proxy.

**Table 76.** Proxy - Manual settings
Item	Description
Name	Enter a short phrase that identifies this VPN setting.
Description	Provide a description that clarifies the purpose of these settings.
Channel	For macOS only. Select one of the following distribution options: •Device channel - the configuration is effective for all users on a device. This is the typical option. •User channel - the configuration is effective only for the currently registered user on a device.
Connection Type	Select L2TP.
Server	Enter the IP address, hostname, or URL for the VPN server.
Proxy	Select Manual. To configure an automatic proxy, go to Proxy - Automatic.
Proxy Server	Enter the name for the proxy server.
Proxy Server Port	Enter the port number for the proxy server.
Type	Select Static or Variable for the type of authentication to be used for the proxy server.
Proxy Server User Name	If the authentication type is Static, enter the username for the proxy server. If the authentication type is Variable, the default variable selected is $USERID$.
Proxy Server Password	If the authentication type is Static, enter the password for the proxy server. Confirm the password in the field below. If the authentication type is Variable, the default variable selected is $PASSWORD$.
Proxy Domains (iOS only)	The VPN will only proxy for the domain and domain suffixes specified here (.com and .org are examples of top-level domain suffixes). Domain suffixes can be used to match multiple domains. For example, .com would include all .com domains, and example.com would include all domains ending in example.com, such as pages.example.com and mysite.example.com. Wildcards are not supported. Click Add+ to add a domain.
Shared Secret	The shared secret passcode. This is not the user’s password; the shared secret must be specified to initiate a connection.
Confirm Shared Secret	Re-enter the shared secret to confirm.
Send all Traffic	Selecting this option protects data from being compromised, particularly on public networks.
Username	Specify the user name to use. The default value is $USERID$. Use this field to specify an alternate format, such as: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following: •$USERID$:$EMAIL$ •$USERID$_$EMAIL$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username. Some enterprises have a strong preference concerning which identifier is exposed.
User Authentication	Select the authentication method to use:Password or RSA SecureID.
Password	Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.

Proxy - Automatic

Use the following guidelines to configure a L2TP VPN with an automatic proxy.

**Table 77.** Proxy - Automatic settings
Item	Description
Name	Enter a short phrase that identifies this VPN setting.
Description	Provide a description that clarifies the purpose of these settings.
Channel	For macOS only. Select one of the following distribution options: •Device channel - the configuration is effective for all users on a device. This is the typical option. •User channel - the configuration is effective only for the currently registered user on a device.
Connection Type	Select L2TP.
Server	Enter the IP address, hostname, or URL for the VPN server.
Proxy	Select Automatic. To configure a Manual proxy, go to Proxy - Manual.
Proxy Server URL	Enter the URL for the proxy server. Enter the URL of the location of the proxy auto-configuration file.
Proxy Domains (iOS only)	The VPN will only proxy for the domain and domain suffixes specified here (.com and .org are examples of top-level domain suffixes). Domain suffixes can be used to match multiple domains. For example, .com would include all .com domains, and example.com would include all domains ending in example.com, such as pages.example.com and mysite.example.com. Wildcards are not supported. Click Add+ to add a domain.
Shared Secret	The shared secret passcode. This is not the user’s password; the shared secret must be specified to initiate a connection.
Confirm Shared Secret	Re-enter the shared secret to confirm.
Send all Traffic	Selecting this option protects data from being compromised, particularly on public networks.
Username	Specify the user name to use. The default value is $USERID$. Use this field to specify an alternate format, such as: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following: •$USERID$:$EMAIL$ •$USERID$_$EMAIL$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username. Some enterprises have a strong preference concerning which identifier is exposed.
User Authentication	Select the authentication method to use:Password or RSA SecureID.
Password	Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.