VPN Payload
A VPN payload provisions iOS devices with settings to connect to a VPN. It includes options for configuring the connection type, providing authentication credentials or certificates, setting the VPN to activate on demand, and using a proxy server for the connection.
In order to connect to a VPN, you may need to install an authentication app or client specific to your VPN type on the device. Use a software payload to send an associated VPN app to the device.
A VPN payload may have the following options, depending on the type of connection:
| Option | Description |
| --- | --- |
| Payload Name | The name of the payload. |
| Connection name | The name of the connection as it is displayed on the device. |
| Connection type | The type of VPN. |
| Identifier | An identifier for the custom SSL VPN. Use reverse DNS format. For example: com.example.vpn |
| Server | The name or IP address of the VPN server. |
| Account | The name of the user account. |
| Realm | The realm for authenticating the connection. |
| Role | The role for authenticating the connection. |
| User authentication | The authentication type. Options may include Password, RSA SecurID, or Certificate. |
| Password | The password for the user account. With AnyConnect, the user will always be prompted for the password. AnyConnect doesn't allow the password to be auto-filled. |
| Machine Authentication | The authentication type. Options include Shared Secret / Group Name or Certificate. Shared secrets that contain quotation marks are not supported. |
| Group, Group Name, or Login group or domain | The name of the group for the connection. |
| Shared secret | The shared secret for the connection. |
| Encryption Level | • None. Does not use encryption. • Automatic. Uses 40-bit encryption for the Compression Control Protocol. • Maximum (128 bit). Uses 128-bit encryption for the Compression Control Protocol. |
| Send all traffic | Route all wireless traffic through the VPN connection. |
| Use hybrid authentication | Use the shared secret, name, and server certificate to authenticate. |
| Prompt for password | Prompt the device user for the password. |
| Identity certificate | The certificate for authentication. |
| Include user PIN | Request PIN during connection and send with authentication. |
| Enable VPN on demand | Establish a VPN connection automatically when the device user attempts to access specified domains. Provide the domain or host name and the action to perform when the user attempts access. Actions include: • Always. Any address at the included domain initiates a VPN connection. • Never. Doesn't initiate a connection, but if the VPN is already active, it is used for any address at the included domain. • Establish if needed. Initiates a VPN connection for any address at the included domain after a DNS look-up has failed. |
| Custom Data | Add key value pairs as additional data for the custom connection. |
| Proxy | Use a proxy server with a VPN connection. |
| Proxy Server URL | The URL of the proxy server. |
| Server and Port | The fully qualified address and port of the proxy server. |
| Authentication | The username to connect to the proxy server. |
| Password | The password to connect to the proxy server. |
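
The following Python check is an added example, not part of the original page or of any MDM product's tooling. It reviews one payload's settings for the choices listed above that weaken or break the connection: an Encryption Level below Maximum, a shared secret containing quotation marks, an Identifier that is not in reverse DNS format, Send all traffic turned off, and an unknown on-demand action. The dictionary keys are hypothetical and simply reuse the option labels from this page.

```python
import re

# Keys are hypothetical: they reuse the option labels from this page,
# not the export format of any particular MDM product.
REVERSE_DNS = re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
ON_DEMAND_ACTIONS = {"Always", "Never", "Establish if needed"}
ENCRYPTION_LEVELS = {"None", "Automatic", "Maximum (128 bit)"}


def review_vpn_payload(payload):
    """Return (severity, message) findings for one payload settings dict."""
    findings = []
    level = payload.get("Encryption Level")
    if level is not None and level not in ENCRYPTION_LEVELS:
        findings.append(("error", f"unknown Encryption Level {level!r}"))
    elif level == "None":
        findings.append(("high", "Encryption Level None: no encryption"))
    elif level == "Automatic":
        findings.append(("medium", "Encryption Level Automatic: 40-bit encryption"))

    if payload.get("Machine Authentication") == "Shared Secret / Group Name":
        secret = payload.get("Shared secret", "")
        if not secret:
            findings.append(("error", "Shared secret is empty"))
        elif '"' in secret or "'" in secret:
            # The page says quotation marks are unsupported; flagging both
            # single and double quotes is this example's conservative reading.
            findings.append(("error", "Shared secret contains a quotation mark"))

    identifier = payload.get("Identifier")
    if identifier is not None and not REVERSE_DNS.fullmatch(identifier):
        findings.append(("error", f"Identifier {identifier!r} is not reverse DNS"))
    if payload.get("Send all traffic") is False:
        findings.append(("info", "Send all traffic off: other traffic bypasses the VPN"))
    for domain, action in payload.get("VPN on demand", []):
        if action not in ON_DEMAND_ACTIONS:
            findings.append(("error", f"{domain}: unknown on-demand action {action!r}"))
    return findings


# Constructed sample input, not taken from a real deployment.
SAMPLE = {
    "Identifier": "vpn",
    "Machine Authentication": "Shared Secret / Group Name",
    "Shared secret": 'corp"secret',
    "Encryption Level": "Automatic",
    "Send all traffic": False,
    "VPN on demand": [("intranet.example.com", "Always"), ("example.org", "Sometimes")],
}
```

Calling `review_vpn_payload(SAMPLE)` returns five findings, one for each weak or invalid setting in the constructed sample.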