L2TP

This VPN connection type is supported on iOS, macOS, and Windows devices. It is not supported on Android devices.

This section covers how to configure L2TP VPN.

Proxy - None (default)

Use the following guidelines to configure a L2TP VPN without a proxy.

Table 75.  Proxy - None settings

Item

Description

Name

Enter a short phrase that identifies this VPN setting.

Description

Provide a description that clarifies the purpose of these settings.

Channel

For macOS only. Select one of the following distribution options:

Device channel - the configuration is effective for all users on a device. This is the typical option.

User channel - the configuration is effective only for the currently registered user on a device.

Connection Type

Select L2TP.

Server

Enter the IP address, hostname, or URL for the VPN server.

Proxy

None is the default setting. To configure a Manual or Automatic proxy, go to Proxy - Manual or Proxy - Automatic.

Shared Secret

The shared secret passcode. This is not the user’s password; the shared secret must be specified to initiate a connection.

Confirm Shared Secret

Re-enter the shared secret to confirm.

Send all Traffic

Selecting this option protects data from being compromised, particularly on public networks.

Username

Specify the user name to use. The default value is $USERID$. Use this field to specify an alternate format, such as:

$USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$

You can use combinations such as the following:

$USERID$:$EMAIL$

$USERID$_$EMAIL$

Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username.

Some enterprises have a strong preference concerning which identifier is exposed.

User Authentication

Select the authentication method to use: Password or RSA SecureID.

Password

Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables:

$USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$

You can use combinations such as $EMAIL$:$PASSWORD$

Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.

Proxy - Manual

Use the following guidelines to configure a L2TP VPN with a manual proxy.

Table 76.  Proxy - Manual settings

Item

Description

Name

Enter a short phrase that identifies this VPN setting.

Description

Provide a description that clarifies the purpose of these settings.

Channel

For macOS only. Select one of the following distribution options:

Device channel - the configuration is effective for all users on a device. This is the typical option.

User channel - the configuration is effective only for the currently registered user on a device.

Connection Type

Select L2TP.

 

Server

Enter the IP address, hostname, or URL for the VPN server.

Proxy

Select Manual. To configure an automatic proxy, go to Proxy - Automatic.

Proxy Server

Enter the name for the proxy server.

Proxy Server Port

Enter the port number for the proxy server.

Type

Select Static or Variable for the type of authentication to be used for the proxy server.

Proxy Server User Name

If the authentication type is Static, enter the username for the proxy server.

If the authentication type is Variable, the default variable selected is $USERID$.

Proxy Server Password

If the authentication type is Static, enter the password for the proxy server. Confirm the password in the field below.

If the authentication type is Variable, the default variable selected is $PASSWORD$.

Proxy Domains (iOS only)

The VPN will only proxy for the domain and domain suffixes specified here (.com and .org are examples of top-level domain suffixes). Domain suffixes can be used to match multiple domains. For example, .com would include all .com domains, and example.com would include all domains ending in example.com, such as pages.example.com and mysite.example.com. Wildcards are not supported.

Click Add+ to add a domain.

Shared Secret

The shared secret passcode. This is not the user’s password; the shared secret must be specified to initiate a connection.

Confirm Shared Secret

Re-enter the shared secret to confirm.

Send all Traffic

Selecting this option protects data from being compromised, particularly on public networks.

Username

Specify the user name to use. The default value is $USERID$. Use this field to specify an alternate format, such as:

$USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$

You can use combinations such as the following:

$USERID$:$EMAIL$

$USERID$_$EMAIL$

Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username.

Some enterprises have a strong preference concerning which identifier is exposed.

User Authentication

Select the authentication method to use:Password or RSA SecureID.

Password

Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables:

$USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$

You can use combinations such as $EMAIL$:$PASSWORD$

Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.

Proxy - Automatic

Use the following guidelines to configure a L2TP VPN with an automatic proxy.

Table 77.  Proxy - Automatic settings

Item

Description

Name

Enter a short phrase that identifies this VPN setting.

Description

Provide a description that clarifies the purpose of these settings.

Channel

For macOS only. Select one of the following distribution options:

Device channel - the configuration is effective for all users on a device. This is the typical option.

User channel - the configuration is effective only for the currently registered user on a device.

Connection Type

Select L2TP.

 

Server

Enter the IP address, hostname, or URL for the VPN server.

Proxy

Select Automatic. To configure a Manual proxy, go to Proxy - Manual.

Proxy Server URL

Enter the URL for the proxy server.

Enter the URL of the location of the proxy auto-configuration file.

Proxy Domains (iOS only)

The VPN will only proxy for the domain and domain suffixes specified here (.com and .org are examples of top-level domain suffixes). Domain suffixes can be used to match multiple domains. For example, .com would include all .com domains, and example.com would include all domains ending in example.com, such as pages.example.com and mysite.example.com. Wildcards are not supported.

Click Add+ to add a domain.

Shared Secret

The shared secret passcode. This is not the user’s password; the shared secret must be specified to initiate a connection.

Confirm Shared Secret

Re-enter the shared secret to confirm.

Send all Traffic

Selecting this option protects data from being compromised, particularly on public networks.

Username

Specify the user name to use. The default value is $USERID$. Use this field to specify an alternate format, such as:

$USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$

You can use combinations such as the following:

$USERID$:$EMAIL$

$USERID$_$EMAIL$

Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username.

Some enterprises have a strong preference concerning which identifier is exposed.

User Authentication

Select the authentication method to use:Password or RSA SecureID.

Password

Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables:

$USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$

You can use combinations such as $EMAIL$:$PASSWORD$

Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.