Manual Apple iOS Implementierung (page 39 of 88) (English)

598868

Zoom out

Zoom in

1/88

Chapter 4 Infrastructure and integration 39

VPN On Demand is congured using the OnDemandRules key in a VPN payload of a

conguration prole. Rules are applied in two stages:

•

Network Detection Stage: Denes VPN requirements that are applied when the device’s

primary network connection changes.

•

Connection Evaluation Stage: Denes VPN requirements for connection requests to domain

names on an as-needed basis.

For example, rules can be used to:

•

Recognize when an Apple device is connected to an internal network and VPN isn’t necessary

•

Recognize when an unknown Wi-Fi network is being used and require VPN for all network

activity

•

Require VPN when a DNS request for a specied domain name fails

Stages

VPN On Demand connects to your network in two stages.

Network detection stage

VPN On Demand rules are evaluated when the device’s primary network interface changes—

such as when an Apple device changes to a dierent Wi-Fi network, or switches to cellular on

iOS or Ethernet on OS X from Wi-Fi. If the primary interface is a virtual interface, such as a VPN

interface, VPN On Demand rules are ignored.

The matching rules in each set (dictionary) must all match in order for their associated action to

be taken If any one of the rules doesn’t match, evaluation falls through to the next dictionary in

the array, until the OnDemandRules array is exhausted.

The last dictionary should dene a “default” conguration—that is, it should have no matching

rules, only an action. This will catch all connections that haven’t matched the preceding rules.

Connection evaluation stage

VPN can be triggered as needed, based on connection requests to certain domains, rather than

unilaterally disconnecting or connecting VPN based on the network interface.

Rules and actions

Rules help dene the type of networks associated with VPN On Demand. Actions help dene

what happens when matching rules are found to be true.

On Demand matching rules

Specify one or more of the following matching rules for Cisco IPSec clients:

•

InterfaceTypeMatch: Optional. A string value of “cellular (for iOS) or Ethernet (for OS X)” or “Wi-

Fi.” If specied, this rule matches when the primary interface hardware is of the type specied.

•

SSIDMatch: Optional. An array of SSIDs to match against the current network. If the network

isn’t a Wi-Fi network or if its SSID does not appear in the list, the match fails. Omit this key and

its array to ignore SSID.

•

DNSDomainMatch: Optional. An array of search domains as strings. If the congured DNS

search domain of the current primary network is included in the array, this property matches.

Wildcard prex (*) is supported; e.g., *.example.com would match anything.example.com.

•

DNSServerAddressMatch: Optional. An array of DNS servers addresses as strings. If all of the

DNS server addresses currently congured for the primary interface are in the array, this

property will match. The wildcard character (*) is supported; for example, 1.2.3.* would match

any DNS servers with a 1.2.3. prex.

100% resize factor

Report abuse

Libble takes abuse of its services very seriously. We're committed to dealing with such abuse according to the laws in your country of residence. When you submit a report, we'll investigate it and take the appropriate action. We'll get back to you only if we require additional details or have more information to share.

Product:

Forumrules

To achieve meaningful questions, we apply the following rules:

First, read the manual;
Check if your question has been asked previously;
Try to ask your question as clearly as possible;
Did you already try to solve the problem? Please mention this;
Is your problem solved by a visitor then let him/her know in this forum;
To give a response to a question or answer, do not use this form but click on the button 'reply to this question';
Your question will be posted here and emailed to our subscribers. Therefore, avoid filling in personal details.

new questions and answers
new manuals

You will receive an email to register for one or both of the options.

Get your user manual by e-mail

Enter your email address to receive the manual of Apple iOS Implementierung in the language / languages: English as an attachment in your email.

The manual is 2,32 mb in size.

You will receive the manual in your email within minutes. If you have not received an email, then probably have entered the wrong email address or your mailbox is too full. In addition, it may be that your ISP may have a maximum size for emails to receive.

Others manual(s) of Apple iOS Implementierung

Apple iOS Implementierung User Manual - German - 99 pages

Apple iOS Implementierung User Manual - Dutch - 100 pages

The manual is sent by email. Check your email

If you have not received an email with the manual within fifteen minutes, it may be that you have a entered a wrong email address or that your ISP has set a maximum size to receive email that is smaller than the size of the manual.

The email address you have provided is not correct.

Please check the email address and correct it.

Your question is posted on this page

Would you like to receive an email when new answers and questions are posted? Please enter your email address.

Info

Apple iOS Implementierung Manual

Product: