Home / iPad

---

Planning How to Connect the iPad and iPhone to Your VPN

In this section, we'll look quickly at planning how the iPad and iPhone will connect to your VPN. We'll start by reviewing the VPN technologies the iPad and iPhone support, talk about settings you may need to change to make your VPN friendly to the iPad and iPhone, and finish by considering which users you should grant remote access to the network.

Making Sure Your VPN Uses Suitable Technologies and Settings for the iPad and iPhone

The first step in planning the connection is to make sure your VPN uses one (or more) of the five widely used types of VPN that the iPad and iPhone support:

• Cisco IPSec Cisco IP Security is widely used for establishing secure VPN connections. With IPSec, you can use several different methods of authentication, including x.509 digital certificates, RSA SecurID, and CRYPTOCard.
• L2TP Over IPSec Layer 2 Tunneling Protocol over IPSec gives good security and is widely used. With L2TP, you can use either a password or a shared secret for authentication.
• PPTP Point-to-Point Tunneling Protocol is the weakest of the widely used VPN technologies. Use PPTP only if you can't use any other VPN type. PPTP uses a password to secure connections.
• Cisco AnyConnect Cisco AnyConnect VPN technology uses the Datagram Transport Layer Security (DTLS) protocol to provide security and performance over VPN connections. With AnyConnect, you can use either a password or a certificate for authentication.
• Juniper SSL Juniper Networks' VPN appliances use Juniper SSL to secure the VPN connections. With Juniper SSL, you can use either a password or a certificate to secure the connection.

NOTE When you use a certificate to authenticate a Cisco IPSec, Cisco AnyConnect, or Juniper SSL VPN, you can enable VPN on demand, which can be a big timesaver. VPN on demand makes the iPad or iPhone automatically establish a VPN connection when the user tries to access any of the domains or host names you add to the connection's list.

If your VPN uses one of those five types, you're halfway there. (Otherwise, you'll need to add one of those five types to your VPN setup.) You should also take these three steps:

• Check your VPN concentrators: Make sure they use VPN standards the iPad and iPhone support.
• Check the authentication path: Make certain your RADIUS server or VPN authentication server is using iPad- and iPhone-friendly standards.
• Use suitable certificates: If you're using certificates for authentication, the iPad and iPhone can use PKCS1 format (files in the .cer, .crt, and .der file formats) and PKCS12 format (files in the .p12 and .pfx file formats).

TIP: To avoid problems, make sure your remote access routers and concentrators are running the latest firmware versions. Update them if they're not.

Deciding Whom to Grant Remote Access to the Network

If you already have a VPN, chances are that you already give some users remote access to the network. Normally, you'll want to manage these users by putting them in a group-for example, a VPN Users group.

To manage your iPad and iPhone users who connect to the VPN, create a similar group. Depending on the setup, you may be able to put all the VPN users in a single group, or you may need to use separate groups to slice and dice their permissions more thinly-for example, to give some users different access permissions than others. For instance, you yourself may need remote access so that you can administer and troubleshoot the network remotely from the iPad or iPhone, but you want to keep other VPN users safely cordoned off from your sensitive servers.