Manualshelf

User guide

ManualsBrandsBlackberry ManualsComputer equipmentENTERPRISE SOLUTION SECURITY - SECURITY FOR DEVICES WITH BLUETOOTH WIRELESS TECHNOLOGY - TECHNICAL
141142143144145146147148149150
Using a VPN with a device
If your organization’s environment includes VPNs, such as an IPSec VPN, you can configure a Wi-Fi enabled BlackBerry
device to authenticate with the VPN so that it can access your organization's network. A VPN provides an encrypted tunnel
between a device and your organization’s network.
A VPN solution consists of a VPN client on the device and a VPN concentrator. The device can use the VPN client to
authenticate with the VPN concentrator, which acts as the gateway to your organization's network. Each device includes a
VPN client that supports several VPN concentrators. The VPN client on the device is designed to use strong encryption to
authenticate with the VPN concentrator. It creates an encrypted tunnel between the device and VPN concentrator that the
device and your organization's network can use to communicate.
After you configure the VPN, the device can use a layer 2 security method to connect to the enterprise Wi-Fi network, and
use the VPN to authenticate with your organization's network. In this scenario, the enterprise
Wi-Fi network is an untrusted
network, and only the VPN can authenticate with your organization's network.
For a list of supported VPN concentrators, visit www.blackberry.com/support to read article KB13354.
Permitting a Wi-Fi enabled device to log in to a VPN
concentrator
To permit a Wi-Fi enabled BlackBerry device to log in to a VPN concentrator automatically after it connects to an enterprise
Wi-Fi network, you or a user can configure a VPN profile that includes a user name and password for authentication with
the VPN concentrator. Depending on your organization’s security policy, you or the user can save the user name and
password for authentication with the VPN concentrator on the device. When you or the user saves the user name and
password, the device does not prompt the user for the user name and password the first time or each time that the device
connects to the enterprise
Wi-Fi network.
The device is also compatible with VPN environments that use two-factor authentication using hardware tokens or software
tokens for credentials. When the device tries to log in to the VPN, the device uses credentials that the token generates or
that the user provides.
For more information about configuring VPN profiles, see the BlackBerry Enterprise Server Administration Guide.
Security Technical Overview Wi-Fi enabled devices
144