VPN
The VPN settings configure a Virtual Private Network (VPN) connection on an Android device.
Supported VPN configuration types
VPN configuration type | Supported devices |
---|---|
L2TP | SAFE 2.0 to SAFE 2.2, Motorola EDM 3.0+ |
PPTP | SAFE 2.0+ or Motorola EDM 3.0+ |
L2TP/IPsec PSK | SAFE 2.0+ or Motorola EDM 3.0+ |
IPsec XAuth PSK | SAFE 3.0+ or Motorola EDM 3.0+ |
Cisco AnyConnect | Android 4.0+ |
IPsec XAuth RSA | SAFE 3.0+ or Motorola EDM 3.0+ |
Aruba VIA® | Android 4.0+ |
F5 VPN | Android L+ |
IKEV1/IPsec Xauth Hybrid | Android L+ |
MaaS360 VPN | Android L+ |
Pulse Secure | Android 5.75+ |
VPN configuration settings
The following table describes the VPN settings that you can configure on an Android device:
Policy setting | Description |
---|---|
VPN connection name | The unique name of the VPN connection. |
Host name of the VPN server | The fully qualified host name that is used to access the VPN server from the internet. A fully qualified host name contains the server name of the VPN server followed by the registered internet domain name. For example, |
Select VPN server | The VPN server that is used for the MaaS360 VPN profile. |
Enable L2TP secret | If this setting is enabled in the policy, the Layer 2 Tunneling Protocol (L2TP) allows the remote client to connect to the corporate network from the internet or from a service provider. |
L2TP secret | The password that is used to connect to the L2TP VPN server. |
Domain | The domain name for the VPN. Leave this field blank if you want to use enrollment information to populate the field. |
DNS search domains | The DNS search domain that the DNS service uses to resolve host names that are not fully qualified. |
DNS servers | The DNS server name that is assigned to the VPN client. |
Forwarding routes | The forwarding route details that are needed to send traffic through the VPN to a router. |
Enable encryption | Data encryption is enabled. |
IPSec pre-shared key | The secret pre-shared key (PSK) that was previously shared between two parties. |
IPSec identifier | The group policy name that you entered for the IPSec PSK VPN. |
Prompt user to install Cisco AnyConnect from the Google Play Store | If this setting is enabled in the policy, the user is prompted to install Cisco AnyConnect from the Google Play Store. |
Certificate mode | A certificate can be fetched automatically, manually, or disabled. |
Identity certificates | The identity certificate that is used to identify a configured VPN as a legitimate VPN connection. Note: This setting requires that the Passcode policy is also configured on the device. This setting is supported for Android MDM App 3.55 and later. |
CA certificate | Use the Manage Policy Files workflow to upload the certificate authority (CA), and then select the required CA certificate. This setting requires that the Passcode policy is also configured on the device. |
VIA auth profile | The Virtual Internet Access (VIA) authentication profile that authenticates VIA users to a server group. This setting is required if you are using different authentication profiles for different users. |
Keep the VPN connection on at all times | If this setting is enabled in the policy, the VPN session starts when the device starts and then connects to the VPN. |
Maximum connection duration (in hours) | The VPN connection is terminated after a specific amount of time has elapsed. This setting applies only if the Keep the VPN connection on at all times setting is disabled. Allowed values are 1 - 24 hours. |
Terminate inactive connection After (in minutes) | The VPN connection is terminated after a specific amount of inactivity. Allowed values are 5 - 60 minutes. This setting applies only if the Keep the VPN connection on at all times setting is disabled. |
Profile name | The name that identifies the VPN profile. |
Server address | The VPN server address that is the qualified host name. |
Logon mode | The user logon mode that is used to access the VPN connection. |
Username | The user name that is used to access the VPN. Leave this field blank if you want to use enrollment information to populate the field. You can also use %email% in this field. |
Password | The password for the VPN connection. |
Authentication type | The authentication type that is used for the VPN connection: Password, Certificate, or Certificate and Password. Note: The Certificate and the Certificate and Password modes are supported on SAFE devices only. |
Realm | The realm that usually contains the user account location and user account name. |
Role | The user role-level settings. |
User authentication type | Options that are available for user authentication, such as shared secret and CSE authentication. |
Allow users to update VPN profile | If this setting is enabled in the policy, the user can update the VPN profile. Note: This setting prevents the user from modifying the VPN configuration. The user can modify the user name and password only. This setting requires Android MDM App 5.28+. |
Type | The VPN type is either container level or app level. Choose Container level for the device level VPN. |
Apps allowed to use VPN configuration | The names of the app IDs, which are separated by commas, that can use the VPN configuration. Note: This setting applies to app-level VPN only. |
Apps not allowed to use VPN configuration | The names of the app IDs, which are separated by commas, that cannot use the VPN configuration. Note: This setting applies to app-level VPN only. |
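
The table states several constraints between settings: value ranges for the two timers, settings that apply only when another setting is disabled or only to app-level VPN, and settings that depend on the Passcode policy or on SAFE devices. The following Python check is an added example, not MaaS360 code, that reviews a policy against those constraints before it is published; the dictionary keys and the `container`/`app` type values are hypothetical names for the settings above, and the sample policy is constructed.

```python
# Added example. Keys and the "container"/"app" values are hypothetical names
# for the settings in the table above, not a MaaS360 export format.
SAMPLE_POLICY = {  # constructed sample input
    "type": "container",
    "keep_always_on": False,
    "max_duration_hours": 8,
    "idle_timeout_minutes": 90,
    "apps_allowed": "com.example.mail,com.example.crm",
    "auth_type": "Certificate",
    "identity_certificate": "vpn-client-cert",
}

def check_vpn_policy(policy, passcode_policy_configured=False, safe_device=False):
    """Return findings where a policy conflicts with the documented constraints."""
    findings = []
    always_on = policy.get("keep_always_on", False)

    # Both timers apply only when always-on is disabled and have fixed ranges.
    for key, low, high, unit in (("max_duration_hours", 1, 24, "hours"),
                                 ("idle_timeout_minutes", 5, 60, "minutes")):
        value = policy.get(key)
        if value is None:
            continue
        if always_on:
            findings.append(f"{key}: has no effect while always-on is enabled")
        elif not low <= value <= high:
            findings.append(f"{key}: {value} is outside {low}-{high} {unit}")

    # The per-app lists apply to app-level VPN only.
    for key in ("apps_allowed", "apps_not_allowed"):
        if policy.get(key) and policy.get("type") != "app":
            findings.append(f"{key}: applies to app-level VPN only")

    # Certificate settings require the Passcode policy on the device.
    for key in ("identity_certificate", "ca_certificate"):
        if policy.get(key) and not passcode_policy_configured:
            findings.append(f"{key}: requires the Passcode policy")

    # Certificate-based authentication types are supported on SAFE devices only.
    if policy.get("auth_type") in ("Certificate", "Certificate and Password") and not safe_device:
        findings.append("auth_type: certificate modes are supported on SAFE devices only")
    return findings

if __name__ == "__main__":
    for finding in check_vpn_policy(SAMPLE_POLICY):
        print(finding)
```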