
How to Create VPN Profiles in Configuration Manager

Updated: June 2, 2014

Applies To: System Center 2012 R2 Configuration Manager

Note
The information in this topic applies only to System Center 2012 R2 Configuration Manager.

Create VPN profiles in System Center 2012 Configuration Manager to deploy VPN settings to users in your company. By deploying these settings, you reduce the end-user effort that is required to connect to resources on the company network.

Use the following required steps to create a VPN profile by using the Create VPN Profile Wizard.

 

| Step | Details | More information |
| --- | --- | --- |
| Step 1: Start the Create VPN Profile Wizard. | Start the wizard in the Assets and Compliance workspace in the Compliance Settings node. | See the Step 1: Start the Create VPN Profile Wizard section in this topic. |
| Step 2: Provide general information about the VPN profile. | Enter a name and description for the VPN profile. You can also import an existing VPN profile from a file. | See the Step 2: Provide General Information about the VPN Profile section in this topic. |
| Step 3: Provide connection information for the VPN profile. | Configure the connection type and VPN servers for the VPN profile. | See the Step 3: Provide Connection Information for the VPN Profile section in this topic. |
| Step 4: Configure the authentication method for the VPN profile. | Configure the authentication method and certificates that the VPN profile uses. | See the Step 4: Configure the Authentication Method for the VPN Profile section in this topic. |
| Step 5: Configure proxy settings for the VPN profile. | Configure proxy settings if they are required for the VPN connection. | See the Step 5: Configure Proxy Settings for the VPN Profile section in this topic. |
| Step 6: Configure supported platforms for the VPN profile. | Configure supported platforms. Supported platforms are the operating systems on which the VPN profile is to be installed. | See the Step 6: Configure Supported Platforms for the VPN Profile section in this topic. |
| Step 7: Complete the wizard. | Complete the wizard to create the new VPN profile. | See the Step 7: Complete the Wizard section in this topic. |

Important
Automatic VPN connections are not available in Configuration Manager. If you configure any options for this type of connection, they will not be configured on your managed devices.

Use the following information when the steps in the preceding table require supplemental procedures.

Use this procedure to start the Create VPN Profile Wizard.

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, expand Compliance Settings, expand Company Resource Access, and then click VPN Profiles.

  3. On the Home tab, in the Create group, click Create VPN Profile.

Use this procedure to provide general information about the VPN profile.

  1. On the General page of the Create VPN Profile Wizard, specify the following information:

    • Name - Enter a unique name for the VPN profile. You can use a maximum of 256 characters.

      Important
      Do not use the characters \/:*?<>|, or the space character in the VPN profile name, because these characters are not supported by the Windows Server VPN profile.

    • Description - Enter a description that gives an overview of the VPN profile and other relevant information that helps identify it in the Configuration Manager console. You can use a maximum of 256 characters.

    • Import an existing VPN profile item from a file - Select this option to display the Import VPN Profile page. On this page, you can import VPN profile information for the Windows 8.1 and Windows RT operating systems that has previously been exported to an XML file.

Use this procedure to specify connection information for the VPN profile.

  1. On the Connection page of the Create VPN Profile Wizard, specify the following information:

    • Connection type: From the drop-down list, select the connection type for the VPN connection. You can choose from the connection types in the following table that shows the platforms that each connection type supports.

       

      | Connection type | iOS | Windows 8.1 | Windows RT | Windows RT 8.1 | Windows Phone 8.1 |
      | --- | --- | --- | --- | --- | --- |
      | Cisco AnyConnect | Yes | No | No | No | No |
      | Juniper Pulse | Yes | Yes | No | Yes | Yes |
      | F5 Edge Client | Yes | Yes | No | Yes | Yes |
      | Dell SonicWALL Mobile Connect | Yes | Yes | No | Yes | Yes |
      | Check Point Mobile VPN | Yes | Yes | No | Yes | Yes |
      | Microsoft SSL (SSTP) | No | Yes | Yes | Yes | No |
      | Microsoft Automatic | No | Yes | Yes | Yes | No |
      | IKEv2 | No | Yes | Yes | Yes | Yes |
      | PPTP | Yes | Yes | Yes | Yes | No |
      | L2TP | Yes | Yes | Yes | Yes | No |

      Note
      To support Windows Phone 8.1, you must install the optional Windows Phone 8.1 extension. For information on how to install the extension, see Planning to Use Extensions in Configuration Manager.

      Note
      Computers that run the x86 or x64 versions of Windows 8.1 support automatic VPN connections. However, you cannot use the option Use an automatic VPN connection (if configured) in the Create Application Wizard to associate the application with a VPN profile. In this case, you can configure a VPN profile to establish an automatic connection from the Create VPN Profile Wizard or import an XML VPN profile.

    • Server list: Click Add to add a new VPN server to use for the VPN connection. Depending on the connection type, you can add one or more VPN servers and also specify which server is to be the default server.

      Note
      Devices that run iOS do not support using multiple VPN servers. If you configure multiple VPN servers and then deploy the VPN profile to an iOS device, only the default server is used.

    Depending on the connection type that you selected, the additional options in the following table might be displayed. See the VPN server documentation for more information about these options.

     

    | Option | More information |
    | --- | --- |
    | Realm | Used by the Juniper Pulse connection type. Specify the name of the authentication realm that you want to use. An authentication realm is a grouping of authentication resources that is used by the Juniper Pulse connection type. |
    | Role | Used by the Juniper Pulse connection type. Specify the name of the user role that has access to this connection. |
    | Login group or domain | Used by the Dell SonicWALL Mobile Connect connection type. Specify the name of the login group or domain that you want to connect to. |
    | Send all network traffic through the VPN connection | Used by the Microsoft SSL (SSTP), Microsoft Automatic, IKEv2, PPTP and L2TP connection types. If this option is not selected, you can specify additional routes for the connection, which is known as split or VPN tunneling. Only connections to the company network are sent over a VPN tunnel. VPN tunneling is not used when you connect to resources on the Internet. If this option is selected, automatic VPN connections do not function. |
    | Connection specific DNS suffix | Used by the Microsoft SSL (SSTP), Microsoft Automatic, IKEv2, PPTP and L2TP connection types. Optionally, specify the connection-specific Domain Name System (DNS) suffix for the connection. |

Use this procedure to configure the authentication method for the VPN profile.

  1. On the Authentication Method page of the Create VPN Profile Wizard, specify the following information:

    • Authentication method: From the drop-down list, select the authentication method that the VPN connection will use. The items in the drop-down list might differ; they depend on the connection type that you previously selected. The available authentication methods and the supported connection types are listed in the following table.

       

      | Authentication method | Supported connection types |
      | --- | --- |
      | Certificates (Tip: If the client certificate is used to authenticate to a RADIUS server, such as a Network Policy Server, the Subject Alternative Name in the certificate must be set to the User Principal Name.) | Cisco AnyConnect, Juniper Pulse, F5 Edge Client, Dell SonicWALL Mobile Connect, Check Point Mobile VPN |
      | User name and Password | Juniper Pulse, F5 Edge Client, Dell SonicWALL Mobile Connect, Check Point Mobile VPN |
      | Microsoft EAP-TTLS | Microsoft SSL (SSTP), Microsoft Automatic, IKEv2, PPTP, L2TP |
      | Microsoft protected EAP (PEAP) | Microsoft SSL (SSTP), Microsoft Automatic, IKEv2, PPTP, L2TP |
      | Microsoft secured password (EAP-MSCHAP v2) | Microsoft SSL (SSTP), Microsoft Automatic, IKEv2, PPTP, L2TP |
      | Smart Card or other certificate | Microsoft SSL (SSTP), Microsoft Automatic, IKEv2, PPTP, L2TP |
      | MSCHAP v2 | Microsoft SSL (SSTP), Microsoft Automatic, PPTP, L2TP |
      | RSA SecurID | Microsoft SSL (SSTP), Microsoft Automatic, PPTP, L2TP |
      | Use machine certificates | IKEv2 |

    • Remember the user credentials at each logon: Select this option to ensure that the user credentials are remembered so that the user does not have to enter credentials each time a connection is established.

Use this procedure to provide optional proxy settings for the VPN profile.

  1. On the Proxy Settings page of the Create VPN Profile Wizard, select the Configure proxy settings for this VPN profile check box if your VPN connection uses a proxy server.

  2. Specify details about your proxy server and its settings. For more information, see the Windows Server documentation.

Use the following procedure to specify the supported platforms for the VPN profile.

Supported platforms are the operating systems on which the VPN profile will be installed.

  1. On the Supported Platforms page of the Create VPN Profile Wizard, select the operating systems on which the VPN profile will be installed, or click Select all to install the VPN profile on all available operating systems.

On the Summary page of the wizard, review the actions to be taken, and then complete the wizard. The new VPN profile is displayed in the VPN Profiles node in the Assets and Compliance workspace.
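
A planned profile can be checked against the constraints in this topic (name rules, the connection type and platform table, the authentication method table, and the iOS server note) before it is entered in the wizard. The following Python script is an added example, not part of the Microsoft documentation or of Configuration Manager; the dictionary keys, the function name `check_profile` and the sample plan are assumptions made for illustration.

```python
import re

# Both tables below are transcribed from this page; the dict layout is an assumption.
PLATFORMS = ["iOS", "Windows 8.1", "Windows RT", "Windows RT 8.1", "Windows Phone 8.1"]
_MS = ["Microsoft SSL (SSTP)", "Microsoft Automatic", "IKEv2", "PPTP", "L2TP"]
_THIRD = ["Juniper Pulse", "F5 Edge Client", "Dell SonicWALL Mobile Connect",
          "Check Point Mobile VPN"]
# Connection type -> one Y/N flag per entry of PLATFORMS, in the same order.
SUPPORT = {"Cisco AnyConnect": "YNNNN", "Microsoft SSL (SSTP)": "NYYYN",
           "Microsoft Automatic": "NYYYN", "IKEv2": "NYYYY", "PPTP": "YYYYN", "L2TP": "YYYYN"}
SUPPORT.update({c: "YYNYY" for c in _THIRD})
# Authentication method -> connection types that offer it.
AUTH = {"Certificates": ["Cisco AnyConnect"] + _THIRD,
        "User name and Password": _THIRD,
        "MSCHAP v2": [c for c in _MS if c != "IKEv2"],
        "RSA SecurID": [c for c in _MS if c != "IKEv2"],
        "Use machine certificates": ["IKEv2"]}
AUTH.update({m: _MS for m in ("Microsoft EAP-TTLS", "Microsoft protected EAP (PEAP)",
                              "Microsoft secured password (EAP-MSCHAP v2)",
                              "Smart Card or other certificate")})

def check_profile(p):
    """Return findings for a planned profile; an empty list means no conflict found."""
    findings = []
    name, conn, auth = p["name"], p["connection_type"], p["auth_method"]
    if not name or len(name) > 256 or re.search(r"[\\/:*?<>| ]", name):
        findings.append("name: at most 256 characters, none of \\/:*?<>| or space")
    if conn not in SUPPORT:
        return findings + [f"unknown connection type: {conn}"]
    for plat in p["platforms"]:
        if plat not in PLATFORMS or SUPPORT[conn][PLATFORMS.index(plat)] != "Y":
            findings.append(f"{conn} is not supported on {plat}")
    if conn not in AUTH.get(auth, []):
        findings.append(f"{auth} is not offered for {conn}")
    if "iOS" in p["platforms"] and len(p["servers"]) > 1:
        findings.append("iOS ignores every server except the default one")
    # Assumption: the page's "automatic VPN connections" caveat is applied here
    # to the Microsoft Automatic connection type.
    if conn == "Microsoft Automatic" and p.get("send_all_traffic"):
        findings.append("send-all-traffic stops automatic VPN connections from working")
    return findings

# Constructed sample plan, not taken from the page.
SAMPLE = {"name": "Corp VPN", "connection_type": "IKEv2",
          "platforms": ["iOS", "Windows 8.1"], "auth_method": "MSCHAP v2",
          "servers": ["vpn1.example.com", "vpn2.example.com"]}

if __name__ == "__main__":
    for finding in check_profile(SAMPLE):
        print("FINDING:", finding)
```
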

For information about how to deploy the VPN profile, see How to Deploy VPN Profiles in Configuration Manager.

-----
For additional resources, see Information and Support for Configuration Manager.

Tip: Use this query to find online documentation in the TechNet Library for System Center 2012 Configuration Manager. For instructions and examples, see Search the Configuration Manager Documentation Library.
-----
© 2014 Microsoft