
Deploying VPN Configurations using SM

The purpose of this article is to demonstrate how to configure VPN settings through Systems Manager (SM).

A Virtual Private Network (VPN) is used to allow secure, remote connection and access to a network. Systems Manager can be used to automatically push VPN settings to managed iOS, OS X, and Samsung KNOX enabled Android devices. Within SM, a VPN connection can be configured manually or, with the addition of an MX Security Appliance or Cisco Meraki Concentrator in the same Dashboard organization, configured automatically. Automatically importing the VPN settings from the MX or Concentrator network not only greatly simplifies the configuration process, it also prevents typographical errors in the VPN settings.

 

  • Note: Deploying VPN settings via SM is available for iOS, OS X, and Samsung KNOX enabled Android devices.
  • More Information:  Configuring client VPN.
  • More Information: For detailed information on how to create and deploy SM configuration profiles to different groups of managed devices, please consult this Knowledge Base article.

Sentry VPN Security

Sentry VPN Security allows you to define a tag scope that receives a dynamically generated VPN configuration from the Security appliance > Configure > Client VPN page.

Sentry Configuration for VPN

This option uses the Cisco Meraki cloud to automatically configure a VPN connection to an MX Security Appliance or VM Concentrator added in the same Dashboard Organization as the Systems Manager network.

  1. Navigate to the MDM > Settings page. 
  2. Select the VPN tab.
  3. Configuration: Select Sentry.
  4. Network: Select the Dashboard network (MX or Concentrator) that contains the desired VPN connection. 
  5. Account: Specify the name of the user account used for authenticating the connection. 
  6. Send All Traffic: Check this flag to send all device traffic through the VPN connection (Optional). 
  7. Proxy Setup: Configure a proxy to be used with the connection (Optional).  

The following screenshot displays an example of how to set up the Sentry VPN connection:

Manual Configuration

This option allows you to manually configure VPN settings.  The supported and configurable manual VPN protocols are L2TP, PPTP, IPsec (Cisco), and Cisco AnyConnect.  

  1. Navigate to the MDM > Settings page. 
  2. Select the VPN tab. 
  3. Configuration: Choose Manual.
  4. Connection Name: Input a name for the VPN connection that will be displayed on the iOS device. 
  5. Connection Type: Select either L2TP, PPTP, or IPsec (Cisco). 
  6. Server: Input the public IP address of the VPN server. 
  7. Shared Secret (L2TP Only): Input the shared secret for the VPN connection.
  8. User Authentication: Select the user authentication method. Choosing Password allows the device user to be prompted for a password when using the VPN connection. 
  9. Account: Specify the name of the user account used for authenticating the connection (e.g., DOMAIN\username, or username@domain.tld). 
  10. Group Name (AnyConnect Only): Specifies the group in which the AnyConnect Account resides.
  11. Send All Traffic: Check this flag to send all device traffic through the VPN connection (Optional). 
  12. Proxy Setup: Configure a proxy to be used with the connection (Optional).  
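
The field rules in the manual procedure above can be checked before a profile is saved, which catches the typing errors that automatic import avoids. The following Python lint is an added example, not Cisco Meraki code; the dictionary field names and the sample values are assumptions constructed for illustration.

```python
import ipaddress
import re

# Connection types the article lists for manual configuration.
SUPPORTED_TYPES = {"L2TP", "PPTP", "IPsec (Cisco)", "Cisco AnyConnect"}
# Account formats the article gives as examples: DOMAIN\username or username@domain.tld
ACCOUNT_RE = re.compile(r"^(?:[^\\@\s]+\\[^\\@\s]+|[^\\@\s]+@[^\\@\s]+\.[^\\@\s.]+)$")


def lint_manual_vpn(cfg):
    """Return a list of problems in a manual VPN settings dict (hypothetical field names)."""
    problems = []
    ctype = cfg.get("connection_type")
    if ctype not in SUPPORTED_TYPES:
        problems.append(f"connection_type {ctype!r} is not a supported protocol")
    if not cfg.get("connection_name", "").strip():
        problems.append("connection_name is empty")
    try:
        # Step 6 asks for the public IP address, so private/reserved ranges are flagged.
        addr = ipaddress.ip_address(cfg.get("server", "").strip())
        if not addr.is_global:
            problems.append(f"server {addr} is not a public IP address")
    except ValueError:
        problems.append(f"server {cfg.get('server')!r} is not a valid IP address")
    secret = cfg.get("shared_secret")
    if ctype == "L2TP" and not secret:
        problems.append("shared_secret is required for L2TP")
    if ctype != "L2TP" and secret:
        problems.append("shared_secret applies to L2TP only")
    if cfg.get("group_name") and ctype != "Cisco AnyConnect":
        problems.append("group_name applies to AnyConnect only")
    if not ACCOUNT_RE.match(cfg.get("account", "")):
        problems.append("account is not DOMAIN\\username or username@domain.tld")
    return problems


# Constructed sample settings, not taken from a real deployment.
GOOD = {"connection_name": "Corp VPN", "connection_type": "L2TP", "server": "8.8.4.4",
        "shared_secret": "example-secret", "account": "CORP\\jdoe"}
BAD = {"connection_name": "Corp VPN", "connection_type": "PPTP", "server": "192.168.1.1",
       "shared_secret": "example-secret", "account": "jdoe", "group_name": "staff"}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_manual_vpn(cfg) or "ok")
```
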

The following screenshot displays an example of how to set up the Manual VPN connection:

 

Systems Manager can be used to push VPN configuration settings to remotely managed iOS, OS X, and Samsung KNOX enabled Android devices. Adding an MX or Concentrator network to the Dashboard Organization can greatly simplify the configuration process by importing the VPN settings and automatically updating them if any changes are made. Once the managed devices are able to check in with SM, the VPN connection profile payload will install and be available for the device user to select.

Last modified
15:53, 1 Jun 2016


Article ID

ID: 1286
