Home / iPad

Specifying the Authentication for an IPSec VPN

For an IPSec VPN, you can choose between using a certificate to authenticate the iPad or iPhone and using a group identifier or shared secret. The options available to you depend on which of these two types of authentication you use.

After choosing the basic settings for the VPN, open the Machine Authentication drop-down list or pop-up menu in the VPN pane and choose Shared Secret/Group Name or Certificate, as appropriate.

NOTE If you use a certificate for authentication, add the certificate to the Credentials payload.

If you choose Shared Secret/Group Name in the Machine Authentication drop-down list or pop-up menu, the VPN pane in iPhone Configuration Utility displays the controls. To set up the authentication, follow these steps:

  1. Type the connection's group name in the Group Name text box.
    When using a shared secret or group name for machine authentication on an IPSec VPN, you can choose whether to use hybrid authentication and whether to prompt the user for a password.
  2. Type the shared secret in the Shared Secret text box.
  3. Select the Use Hybrid Authentication check box if you want to make the connection more secure by using a server-side certificate for authentication as well.
  4. Select the Prompt For Password check box if you want the iPad or iPhone to prompt the user for a password.

If you choose Certificate in the Machine Authentication drop-down list or popup menu, the VPN pane displays the controls. To set up the authentication, follow these steps:

  1. Open the Identity Certificate drop-down list or pop-up menu (on the Mac, this pop-up menu is identified only as Credential For Authenticating The Connection at this writing) and choose the certificate to use.
    When using a certificate for machine authentication on an IPSec VPN, you can choose whether to include the user's PIN and whether to enable the VPN on demand.
  2. Select the Include User PIN check box if you want the VPN to request the user's personal identification number (PIN) during the connection and send it along with the authentication data.
[Previous] [Contents] [Next]