topic Systems Manager VPN Settings in Endpoint Security

Systems Manager VPN Settings

DCHGIT — Tue, 12 Dec 2023 21:54:25 GMT

Hello Everyone,

I am trying to configure a VPN payload for iOS in Systems Manager but I cannot get it working for our VPN client. I believe I'm getting hung up on the Local vs. Remote identifiers. I am assuming the Local identifier is the app ID but what is the Remote identifier?

Other MDM's I've worked with allowed for a Connection Type of "Custom" and would ask for an Identifier and/or app bundle ID. I'm just guessing on using IKEv2 here and I'm not sure if the IDs match what Systems Manager is looking for.

Re: Systems Manager VPN Settings

aleabrahao — Wed, 13 Dec 2023 00:03:05 GMT

When configuring a VPN payload for iOS in Cisco Meraki’s Systems Manager, the Local Identifier is typically the identifier for your client or device, which could be an app ID, a user principal name (UPN), or an email address. The Remote Identifier is used to identify the VPN server or the remote end of the VPN connection. It’s often set to the server’s domain name or IP address.

For IKEv2 VPN connections, the Local Identifier can be the user’s email address or another unique identifier, and the Remote Identifier would be the VPN server’s address. If you’re using a custom VPN client, the app bundle ID might be used as part of the VPN configuration, but it’s not typically the Local Identifier.

In Systems Manager, if you’re setting up a manual VPN configuration, you’ll have the option to specify these identifiers. If you’re using Sentry VPN, which automates the VPN setup process, the identifiers may be managed automatically based on the settings of the MX Security Appliance or VM Concentrator in your Dashboard organization.

If you’re unsure about the correct identifiers to use, it’s best to consult with your VPN service provider or network administrator to ensure that the identifiers match the VPN server’s configuration. Additionally, you can refer to the Systems Manager VPN Configurations and Sentry VPN documentation for more detailed instructions on setting up VPN payloads in Systems Manager.

Systems Manager VPN Configurations and Sentry VPN - Cisco Meraki

Systems Manager Logging and Troubleshooting - Cisco Meraki

Re: Systems Manager VPN Settings

Arthur Dent — Wed, 13 Dec 2023 16:54:28 GMT

meraki currently doesn't have support for 3rd party VPN providers custom attributes other than Cisco Anyconnect

The only resolution currently would be to create your VPN config inside Apple Configurator and upload that to SM using the custom mobile config capability:

Whilst you'd still be able to us a static cert for Clint auth, you'd lose the ability to use a unique cert per device capability of SM

Details: