Netskope Help

Create an On-Demand VPN Profile

You need to know the VPN Server Name and PAC URL shown in the VPN Configuration section of the Netskope UI (Settings > Security Cloud Platform > Netskope Client > MDM Distribution) to complete these steps.

To create an on-demand VPN profile:

img-07-vpnProfile.png
  1. Go to Devices > Configuration Profiles > Create Profile. Enter and select these parameters

  2. In the Basics tab of the VPN panel, provide a name for the profile and click Next.

    • Name: Enter a unique name.

    • Platform: iOS

    • Profile type: VPN

  3. In the Configuration settings panel, specify the following VPN settings.:

    • Select Connection type as Cisco (IPSec).

    • In the Base VPN section, enter and select these parameters

      img-08-vpnBaseVPN.png
      • Connection Name: Enter a name that users will recognize when the profile is installed on their device.

      • VPN Server address: Enter the VPN Server Name from the VPN Configuration section in the Netskope tenant WebUI.

      • Authentication Method: Certificates.

      • Authentication Certificate: Click Select a client authentication certificate, select the SCEP certificate profile you previously created, and then click OK.

      • Split Tunneling: Disabled

    • In the Automatic VPN section, enter and select these parameters:

      img-09-vpnAutoVPN.png
      • For Type of automatic VPN, select On-demand VPN.

      • For On-demand rules, click Add to enter and select these parameters in the Add Row panel:

        img-09-vpnAutoVPN-addRow.png
        • I want to do the following: Evaluate each connection attempt.

        • Choose whether to connect: Connect if needed.

        • When users try to access these domains: Add the domains for on-demand VPN, like Box.com, and so on (separated by a comma). After entering the URLs, click Add. When this URL is unreachable, force-connect the VPN.

        • When domains resolve using any of these DNS servers: Enter the domains to resolve with DNS servers. (Optional)

    • In the Proxy section, enter the location for PAC URL from the VPN configuration section in the Netskope tenant WebUI.

      10-vpnProxy.png
  4. In the Assignment tab, select the target audience.

  5. In the Review + Create tab, verify the settings and click Create.