
Systems Manager VPN Configurations and Sentry VPN

The purpose of this article is to demonstrate how to configure VPN settings through Systems Manager (SM).

A Virtual Private Network (VPN) is used to allow secure, remote connection and access to a network. Systems Manager can be used to automatically push the VPN settings to managed iOS, OS X, and Samsung KNOX enabled Android devices. Within SM, a VPN connection can be configured manually or, with the addition of an MX Security Appliance or Cisco Meraki Concentrator in the same Dashboard organization, configured automatically. Automatically importing the VPN settings from the MX or Concentrator network not only greatly simplifies the configuration process, it also prevents typographical errors in the VPN settings.

Note: Deploying VPN settings via SM is available for iOS, OS X, and Samsung KNOX enabled Android devices.

 

More Information: Configuring client VPN.

More Information: For detailed information on how to create and deploy SM configuration profiles to different groups of managed devices, please consult this article.

Sentry VPN on Meraki MX-Z Devices

Sentry VPN security allows you to define a tag scope of SM devices that receive a dynamically generated VPN configuration. It is configured on the Security appliance > Configure > Client VPN page by selecting the appropriate tag scoping for your SM devices.

Sentry Configuration for VPN in Systems Manager

This option uses the Cisco Meraki cloud to automatically configure a VPN connection to an MX Security Appliance or VM Concentrator added in the same Dashboard Organization as the Systems Manager network.

  1. Navigate to the Systems Manager > MDM > Settings page. 
  2. Select the VPN tab.
  3. Configuration: Select Sentry.
  4. Network: Select the Dashboard network (MX or Concentrator) that contains the desired VPN connection. 
  5. Account: Specify the name of the user account used for authenticating the connection. 
  6. Send All Traffic: Check this flag to send all device traffic through the VPN connection (Optional). 
  7. Proxy Setup: Configure a proxy to be used with the connection (Optional).  

The following screenshot displays an example of how to set up the Sentry VPN connection:

sentry1.png

Manual Configuration

This option allows you to manually configure VPN settings.  The supported and configurable manual VPN protocols are L2TP, PPTP, IPsec (Cisco), and Cisco AnyConnect.  

  1. Navigate to the MDM > Settings page. 
  2. Select the VPN tab. 
  3. Configuration: Choose Manual.
  4. Connection Name: Input a name for the VPN connection that will be displayed on the iOS device. 
  5. Connection Type: Select either L2TP, PPTP, or IPsec (Cisco). 
  6. Server: Input the public IP address of the VPN server. 
  7. Shared Secret (L2TP Only): Input the shared secret for the VPN connection.
  8. User Authentication: Select the user authentication method. Choosing Password allows the device user to be prompted for a password when using the VPN connection. 
  9. Account: Specify the name of the user account used for authenticating the connection (e.g., DOMAIN\username, or username@domain.tld). 
  10. Group Name (AnyConnect Only): Specifies the group in which the AnyConnect account resides.
  11. Send All Traffic: Check this flag to send all device traffic through the VPN connection (Optional). 
  12. Proxy Setup: Configure a proxy to be used with the connection (Optional).  

The following screenshot displays an example of how to set up the Manual VPN connection:

manual1.png

 

Systems Manager can be used to push VPN configuration settings to remotely managed iOS, OS X, and Samsung KNOX enabled Android devices. Adding an MX or Concentrator network to the Dashboard Organization can greatly simplify the configuration process by importing the VPN settings and automatically updating them if any changes are made. Once the managed devices are able to check in with SM, the VPN connection profile payload will install and be available for the device user to select.
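The manual settings above reach iOS and OS X devices as a VPN payload inside a configuration profile. The following is an added example, not Meraki code, that audits such a payload for the choices made in the manual steps (protocol, Send All Traffic, shared secret, stored password). It assumes the Dashboard fields map onto Apple's standard com.apple.vpn.managed keys; the sample profile and all of its values are constructed.

```python
import plistlib

# Constructed sample: an Apple VPN payload of the kind a manual L2TP
# configuration could produce. Every value here is a placeholder.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [{
        "PayloadType": "com.apple.vpn.managed",
        "UserDefinedName": "Example VPN",
        "VPNType": "L2TP",
        "PPP": {"CommRemoteAddress": "203.0.113.10",
                "AuthName": "username@domain.tld"},
        "IPSec": {"AuthenticationMethod": "SharedSecret",
                  "SharedSecret": b"constructed-secret"},
        "IPv4": {"OverridePrimary": False},
    }],
})


def audit_vpn_profile(profile_bytes):
    """Return (connection name, finding) pairs for each VPN payload."""
    findings = []
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.vpn.managed":
            continue
        name = payload.get("UserDefinedName", "<unnamed>")
        if payload.get("VPNType") == "PPTP":
            findings.append((name, "PPTP selected: weak protocol, prefer IPsec or AnyConnect"))
        # Assumption: "Send All Traffic" corresponds to IPv4.OverridePrimary.
        if not payload.get("IPv4", {}).get("OverridePrimary"):
            findings.append((name, "Send All Traffic is off: other traffic bypasses the tunnel"))
        ipsec = payload.get("IPSec", {})
        if ipsec.get("AuthenticationMethod") == "SharedSecret" and ipsec.get("SharedSecret"):
            findings.append((name, "shared secret embedded: handle the profile as a credential"))
        if payload.get("PPP", {}).get("AuthPassword") or ipsec.get("XAuthPassword"):
            findings.append((name, "user password stored in profile instead of prompted"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_vpn_profile(SAMPLE_PROFILE):
        print(f"{name}: {finding}")
```
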

Cisco AnyConnect and AnyConnect Legacy 

When selecting the Cisco AnyConnect connection type, a certificate must be uploaded. This certificate can be exported from the VPN endpoint device and uploaded to Dashboard after clicking on the "Add Credentials" option.
