User Guide
18 Chapter 1 Deploying iPhone and iPod touch
• If you plan to use certificate-based authentication, make sure your public
key infrastructure is configured to support device- and user-based certificates with the
corresponding key distribution process.
• Verify the compatibility of your certificate formats with the device and your
authentication server. For information about certificates, see “Certificates and
Identities” on page 11.
Virtual Private Networks
Secure access to private networks is supported on iPhone and iPod touch using Cisco
IPSec, L2TP over IPSec, and PPTP virtual private network protocols. If your organization
supports one of these protocols, no additional network configuration or third-party
applications are required to use your devices with your VPN infrastructure.
Cisco IPSec deployments can take advantage of certificate-based authentication via
industry-standard X.509 certificates. Additionally, certificate-based authentication
allows you to take advantage of VPN On Demand, which provides seamless, secure
wireless access to your enterprise network.
For two-factor token-based authentication, iPhone and iPod touch support RSA
SecurID and CryptoCard. Users enter their PIN and token-generated, one-time
password directly on their device when establishing a VPN connection. See Appendix A
for compatible Cisco VPN servers and recommendations about configurations.
iPhone and iPod touch also support shared secret authentication for Cisco IPSec
and L2TP/IPSec deployments and MS-CHAPv2 for basic user name and password
authentication.
VPN Proxy auto-config (PAC and WPAD) is also supported, which allows you to specify
proxy server settings for accessing specific URLs.
VPN Setup Guidelines
• iPhone integrates with most existing VPN networks, so minimal configuration should
be necessary to enable iPhone access to your network. The best way to prepare for
deployment is to check whether your company’s existing VPN protocols and authentication
methods are supported by iPhone.
• Confirm that your VPN concentrators are standards-compliant. It’s also a good idea
to review the authentication path to your RADIUS or authentication server to make
sure standards supported by iPhone are enabled within your implementation.
• Check with your solutions providers to confirm that your software and equipment
are up-to-date with the latest security patches and firmware.
• If you want to configure URL-specific proxy settings, place a PAC file on a web server
that’s accessible with the basic VPN settings, and ensure that it’s served with a MIME
type of application/x-ns-proxy-autoconfig. Alternatively, configure your DNS or DHCP
to provide the location of a WPAD file on a server that is similarly accessible.
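
A check for the PAC guideline above, as an added example that is not part of Apple's guide: it fetches a PAC URL directly (bypassing any configured proxy), then confirms the Content-Type and that the body defines FindProxyForURL. The sample PAC body, the corp.example.com host names and the loopback test server are constructed for the demonstration.

```python
import http.server
import threading
import urllib.request

PAC_MIME = "application/x-ns-proxy-autoconfig"

# Constructed sample PAC file; the host names are placeholders.
SAMPLE_PAC = (b'function FindProxyForURL(url, host) {\n'
              b'  if (dnsDomainIs(host, ".corp.example.com"))\n'
              b'    return "PROXY proxy.corp.example.com:8080";\n'
              b'  return "DIRECT";\n}\n')

def check_pac(url, timeout=5):
    """Return a list of problems with the PAC file at url (empty list = OK)."""
    # The PAC file must be reachable without a proxy, so ignore proxy settings.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(url, timeout=timeout) as resp:
        ctype = resp.headers.get_content_type()
        body = resp.read().decode("utf-8", errors="replace")
    problems = []
    if ctype != PAC_MIME:
        problems.append(f"Content-Type is {ctype!r}, expected {PAC_MIME!r}")
    if "FindProxyForURL" not in body:
        problems.append("body does not define FindProxyForURL")
    return problems

def serve_sample(content_type):
    """Serve SAMPLE_PAC on a loopback port with the given Content-Type."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(200)
            self.send_header("Content-Type", content_type)
            self.send_header("Content-Length", str(len(SAMPLE_PAC)))
            self.end_headers()
            self.wfile.write(SAMPLE_PAC)
        def log_message(self, *args):  # keep the demo quiet
            pass
    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}/proxy.pac"

def demo():
    """Check one correctly served and one mis-served copy of the sample."""
    results = {}
    for ctype in (PAC_MIME, "text/plain"):
        server, url = serve_sample(ctype)
        try:
            results[ctype] = check_pac(url)
        finally:
            server.shutdown()
            server.server_close()
    return results
```

To check a real deployment, call check_pac() with the URL of your own PAC file from a host that has only the basic VPN settings applied.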










