IKEv2 (Windows)

Use the following guidelines to configure IKEv2 VPN.

Table 1. IKEv2 settings (Windows)

Item

Description

Name

Enter a short phrase that identifies this VPN setting.

Description

Provide a description that clarifies the purpose of these settings.

Connection Type

Select IKEv2 (Windows).

Server

Enter the IP address, hostname, or URL for the VPN server.

Proxy

Select None, Manual or Automatic to configure a proxy. If you select Manual, you must specify the proxy server name and port number. If you select Automatic, you must specify the proxy server URL.

NOTE: Windows devices do not currently support Automatic Proxy.

Proxy Server URL

Select Automatic proxy to see this option. Enter the URL for the proxy server.

Proxy Server

Select Manual proxy to see this option. Enter the name for the proxy server.

Proxy Server Port

Select Manual proxy to see this option. Enter the port for the proxy server.

Type

Select Manual proxy to see this option. Select Static or Variable.

Proxy Server User Name

Select Manual proxy to see this option. If the type is Static, enter the username for the proxy server

If the type is Variable, the default variable selected is $USERID$.

NOTE: Windows devices do not support Proxy Server User Name.

Proxy Server Password

Select Manual proxy to see this option. If the type is Static, enter the password for the proxy server

If the type is Variable, the default variable selected is $PASSWORD$.

NOTE: Windows devices do not support Proxy Server Password.

Username

Specify the user name to use. The default value is $USERID$. Use this field to specify an alternate format. For example, your standard might be $EMAIL$. Custom attribute variable substitutions are supported.

Why: Some enterprises have a strong preference concerning which identifier is exposed.

User Authentication

Select the authentication method to use: Password or Certificate.

 

Password

Specify the password to use. The default value is $PASSWORD$. Use this field to specify a custom format, such as $PASSWORD$_$USERID$.

Custom attribute variable substitutions are supported.

Identity Certificate

Select Certificate User Authentication to see this option. Select the WIN*SCEP setting generated using reverse proxy.

Send All Traffic

Select to send all traffic from the Windows device through the VPN gateway.

When Send All Traffic is checked, all traffic is sent through the VPN gateway with the exception of traffic from the resources you enter in this table.

When Send All Traffic is unchecked, only traffic from the resources you enter in this table is sent through the VPN gateway.

Windows Configuration

Enter the secured resources (domains, IP ranges, or apps) used by the Send All Traffic option.

Always On

Select this option to keep the VPN on. Lock Down supersedes this option for Windows devices.

Lock Down

You cannot change the assigned settings unless 1) the Lock Down setting is removed from the profile and the new profile is pushed to the device or 2) the device is un-enrolled from Core.

This option supersedes the Always On option.

Custom Data

Enter key value pairs to filter out traffic for Windows 10 devices.

You can use the following variables in fields that support variables:

  • $USERID$
  • $EMAIL$
  • $PASSWORD$
  • $NULL$

Enter $NULL$ if you want the field presented to the user to be blank.

Note The Following:

  • Windows devices do not support pushing $USERID$ and $PASSWORD$ to the device in VPN settings. The device user must enter user name and password to connect to VPN.
  • For certificate authentication, Windows devices only support identity certificates using SCEP reverse proxy.