Samsung Knox IPsec

Samsung Knox IPsec is for Android devices with Samsung Knox only.

Samsung Knox IPsec is used for VPN access in the Samsung Knox container (Android Samsung Knox Container Settings). Use the following guidelines to configure Samsung Knox IPsec.

Table 1. Samsung Knox IPsec settings

Item

Description

Name

Enter a short phrase that identifies this VPN setting.

Description

Provide a description that clarifies the purpose of these settings.

Channel

For macOS only. Select one of the following distribution options:

  • Device channel - the configuration is effective for all users on a device. This is the typical option.
  • User channel - the configuration is effective only for the currently registered user on a device.

Connection Type

Select Samsung Knox IPsec.

Server

Enter the IP address, hostname, or URL for the VPN server.

Backup Server

Enter the IP address, hostname, or URL for the fallback server to use in the event that the primary server is not available.

Authentication Type

Select the authentication method to use: Pre-Shared Key or Certificate.

Shared Secret

Pre-Shared Secret authentication.

The shared secret passcode. This is not the user’s password; the shared secret must be specified to initiate a connection.

Confirm Shared Secret

Pre-Shared Secret authentication.

Re-enter the shared secret to confirm.

Identity Certificate

Certificate authentication.

Select the entry you created for supporting VPN, if you are implementing certificate-based authentication.

CA Certificate

Certificate authentication.

Select the entry you created for supporting VPN, if you are implementing certificate-based authentication.

User Authentication

Select to enable user authentication as an additional factor.

Username

If User Authentication is selected, review the default variable to determine if it meets your needs. If it does not meet your needs, enter a different variable.

Password

If User Authentication is selected, review the default variable to determine if it meets your needs. default variable to determine if it meets your needs. If it does not meet your needs, enter a different variable.

IKE Version

Enter the Internet Key Exchange (IKE) version in use by your IPsec VPN server. IPsec uses the IKE to negotiate the protocols and algorithms used for the connection, and to generate the encryption and authentication keys.

Phase 1 Mode

If you selected IKE Phase 1, select the mode of operation in use by your IPsec VPN server:

Main: Has three two-way exchanges between the initiator and the receiver.
Aggressive: Fewer exchanges are made, and with fewer packets.

Group ID Type

Select the Group ID type your IPsec VPN server uses to authenticate to IKE peers.

Group Name

Enter the group name for your IPsec VPN server. This name corresponds to the value selected in Group ID Type.