Operation Manual

Chapter 4 Infrastructure and integration 35
iOS and OS X also support industry-standard technologies such as IPv6, proxy servers, and
split-tunneling, providing a rich VPN experience when connecting to corporate networks. And iOS
and OS X work with a variety of authentication methods including password, two-factor token,
digital certificates, and for OS X, Kerberos. To streamline the connection in environments where
certificate-based authentication is used, iOS and OS X feature VPN On Demand, which initiates a
VPN session when it’s needed in order to connect to specified domains.
With iOS 7 or later and OS X Yosemite or later, individual apps can be configured to use a VPN
connection independent from other apps. This ensures that corporate data always flows over a
VPN connection, and other data, such as an employee’s personal apps from the App Store, does
not. For details, see Per App VPN.
iOS also features Always-on VPN, in which an iOS device must connect to a known, approved VPN
before connecting to any other network services. You can configure Always-on VPN for both
cellular and Wi-Fi configurations. For example, using Always-on VPN, an iOS device must connect
to a known and approved VPN before connecting to any other network services such as mail,
web, or messages. This feature depends on your VPN provider supporting this configuration,
and is available only for supervised devices. For information, see the Always-on VPN Overview.
Supported protocols and authentication methods
iOS and OS X support the following protocols and authentication methods:
L2TP over IPSec: User authentication by MS-CHAP v2 password, two-factor token, certificate,
machine authentication by shared secret or certificate.
SSL VPN: User authentication by password, two-factor token, certificates using a third-party
VPN client.
Cisco IPSec: User authentication by password, two-factor token, machine authentication by
shared secret and certificates.
IKEv2: Certificates (RSA-only), EAP-TLS, EAP-MSCHAPv2. (iOS-only)
PPTP: User authentication by MS-CHAP v2 password, certificate, and two-factor token.
OS X can also use Kerberos machine authentication by shared secret or certificate with L2TP over
IPSec and with PPTP.
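One way to review a configuration profile against the protocol list above and the VPN On Demand description earlier in this section. This is an added example, not code from this manual or from Apple. The payload key names (PayloadContent, PayloadType, VPNType, AuthenticationMethod, OnDemandEnabled, UserDefinedName) are assumed from Apple's configuration profile format and do not appear on this page, and the sample profile is constructed.

```python
import plistlib

# VPNType values mapped to the protocol names this page lists, plus the
# sub-dictionary assumed to hold each type's connection settings.
PROTOCOLS = {
    "L2TP": ("L2TP over IPSec", "IPSec"),
    "IPSec": ("Cisco IPSec", "IPSec"),
    "IKEv2": ("IKEv2", "IKEv2"),
    "PPTP": ("PPTP", "PPP"),
    "VPN": ("SSL VPN (third-party app)", "VPN"),
}
ON_DEMAND_ISSUE = "VPN On Demand enabled without certificate-based authentication"

def audit_vpn_profile(raw):
    """Return one summary dict per VPN payload found in a profile plist."""
    results = []
    for payload in plistlib.loads(raw).get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.vpn.managed":
            continue  # Wi-Fi, mail and other payload types are out of scope
        vpn_type = payload.get("VPNType", "")
        name, section = PROTOCOLS.get(vpn_type, (None, "IPSec"))
        settings = payload.get(section, {})
        auth = settings.get("AuthenticationMethod", "unspecified")
        on_demand = settings.get("OnDemandEnabled", 0) == 1
        issues = []
        if name is None:
            issues.append("VPNType %r is not a protocol listed on this page" % vpn_type)
        # The page describes VPN On Demand for certificate-based environments.
        if on_demand and auth != "Certificate":
            issues.append(ON_DEMAND_ISSUE)
        results.append({"name": payload.get("UserDefinedName", "?"),
                        "protocol": name or vpn_type, "auth": auth,
                        "on_demand": on_demand, "issues": issues})
    return results

# Constructed sample profile: one non-VPN payload and two VPN payloads.
SAMPLE = plistlib.dumps({"PayloadContent": [
    {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "example"},
    {"PayloadType": "com.apple.vpn.managed", "UserDefinedName": "Legacy",
     "VPNType": "IPSec",
     "IPSec": {"AuthenticationMethod": "SharedSecret", "OnDemandEnabled": 1}},
    {"PayloadType": "com.apple.vpn.managed", "UserDefinedName": "Corp",
     "VPNType": "IKEv2",
     "IKEv2": {"AuthenticationMethod": "Certificate", "OnDemandEnabled": 1}},
]})

if __name__ == "__main__":
    for r in audit_vpn_profile(SAMPLE):
        print(r["name"], r["protocol"], r["auth"], r["issues"] or "ok")
```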
SSL VPN clients
Several SSL VPN providers have created apps to help configure iOS devices for use with their
solutions. To configure a device for a specific solution, install the companion app from the
App Store and, optionally, provide a configuration profile with the necessary settings.
SSL VPN solutions include:
AirWatch SSL VPN: For information, see the AirWatch website.
Aruba Networks SSL VPN: iOS supports Aruba Networks Mobility Controller. For configuration,
install the Aruba Networks VIA app, available on the App Store.
For contact information, see the Aruba Networks website.
Check Point Mobile SSL VPN: iOS supports the Check Point Security Gateway with a full Layer-3
VPN tunnel. Install the Check Point Mobile app, available on the App Store.
Cisco AnyConnect SSL VPN: iOS supports Cisco Adaptive Security Appliance (ASA) running
suggested software release 8.2.5 or later. Install the Cisco AnyConnect app, available on the
App Store.
F5 SSL VPN: iOS supports F5 BIG-IP Edge Gateway, Access Policy Manager, and FirePass SSL VPN
solutions. Install the F5 BIG-IP Edge Client app, available on the App Store.