User Guide

36 Chapter 2 Creating and Deploying Configuration Profiles

VPN Settings

Use this payload to enter the VPN settings for connecting to your network. You can add

multiple sets of VPN connections by clicking the Add (+) button.

For information about supported VPN protocols and authentication methods, see

“VPN” on page 10. The options available vary by the protocol and authentication

method you select.

VPN On Demand

For certificate-based IPSec configurations, you can turn on VPN On Demand so that a

VPN connection is automatically established when accessing certain domains.

The VPN On Demand options are:

The action applies to all matching addresses. Addresses are compared using simple

string matching, starting from the end and working backwards. The address

“.example.org” matches “support.example.org” and “sales.example.org” but doesn’t

match “www.private-example.org”. However, if you specify the match domain as

“example.com”—notice there is not a period at the start—it matches “www.private-

example.com” and all the others.

Note that LDAP connections won’t initiate a VPN connection; if the VPN hasn’t already

been established by another application, such as Safari, the LDAP lookup fails.

VPN Proxy

iPhone supports manual VPN proxy, and automatic proxy configuration using PAC or

WPAD. To specify a VPN proxy, select an option from the Proxy Setup pop-up menu.

Setting Description

Always Initiates a VPN connection for any address that matches the

specified domain.

Never Does not initiate a VPN connection for addresses that match the

specified domain, but if VPN is already active, it may be used.

Establish if needed Initiates a VPN connection for addresses that match the specified

domain only after a failed DNS look-up has occurred.