Configure VPN settings in Microsoft Intune for devices running iOS

This article shows you the Intune settings you can use to configure VPN connections on devices running iOS.

Depending on the settings you choose, not all values in the following list are configurable.

Base VPN settings

  • Connection name: Enter a name for this connection. End users see this name when they browse their device for a list of available VPN connections.

  • IP address or FQDN: Enter the IP address or fully qualified domain name (FQDN) of the VPN server that devices connect to. For example, enter 192.168.1.1 or vpn.contoso.com.

  • Authentication method: Choose how devices authenticate to the VPN server from:

    • Certificates: Under Authentication certificate, select an existing SCEP or PKCS certificate profile to authenticate the connection. Configure certificates provides some guidance about certificate profiles.

    • Username and password: End users must enter a username and password to sign in to the VPN server.

      Note

      If username and password are used as the authentication method for Cisco IPsec VPN, they must deliver the SharedSecret through a custom Apple Configurator profile.

  • Connection type: Select the VPN connection type from the following list of vendors:

    • Check Point Capsule VPN

    • Cisco AnyConnect

    • Cisco Legacy AnyConnect

    • SonicWall Mobile Connect

    • F5 Edge Client

    • Palo Alto Networks GlobalProtect

    • Pulse Secure

    • Cisco (IPSec)

    • Citrix

    • Custom VPN

      Note

      • Cisco Legacy AnyConnect VPN profiles are for the Cisco Legacy AnyConnect app version 4.0.5x, and older versions.
      • Cisco AnyConnect VPN profiles are for the Cisco AnyConnect app version 4.0.7x, and newer versions.
  • Split tunneling: Enable or Disable to let devices decide which connection to use depending on the traffic. For example, a user in a hotel uses the VPN connection to access work files, but uses the hotel's standard network for regular web browsing.

Custom VPN settings

If you selected Custom VPN as the connection type, also configure the following settings:

  • VPN identifier: An identifier for the VPN app you're using, supplied by your VPN provider.
  • Enter key and value pairs for the custom VPN attributes: Add or import Keys and Values that customize your VPN connection. Again, these values are typically supplied by your VPN provider.

Apps (per-app VPN) settings

  • Per-app VPN: Enable this option to use URLs that enable the VPN connection when they are visited from the Safari browser. To configure per-app VPN, you must select Certificates as the authentication method in the base VPN settings.

    • Safari URLs that will trigger this VPN: Select to add one or more web site URLs. When these URLs are visited, the VPN connection is enabled.
  • On-demand VPN: Configure conditional rules that control when the VPN connection is initiated. For example, create a condition where the VPN connection is only used when a device is not connected to a company Wi-Fi network. Or, create a condition where, if a device can't access a DNS search domain you specify, then the VPN connection is not initiated.

    • SSIDs or DNS search domains: Select whether this condition uses wireless network SSIDs, or DNS search domains. Choose Add to configure one or more SSIDs or search domains.
    • URL string probe: Optional. Enter a URL that the rule uses as a test. If the device where this profile is installed can access this URL without redirection, then the VPN connection is initiated, and the device connects to the target URL. The user does not see the URL string probe site. A URL string probe example is the address of an auditing Web server that checks device compliance before connecting the VPN. Another possibility is that the URL tests the ability of the VPN to connect to a site before connecting the device to the target URL through the VPN.
    • Domain action: Choose one of the following items:
      • Connect if needed
      • Never connect
    • Action: Choose one of the following items:
      • Connect
      • Evaluate connection
      • Ignore
      • Disconnect
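
The on-demand conditions above can be dry-run before a profile is assigned. The following is an added example, not code from Microsoft or Apple: it assumes the profile reaches the device as an Apple VPN payload whose OnDemandRules entries use the keys Action, SSIDMatch, DNSDomainMatch and URLStringProbe, and that rules are checked in order with the first match deciding the action. The SSID, domains and probe URL are constructed sample values, and `probe_ok` is a hypothetical stand-in for the device's fetch of the probe URL.

```python
import plistlib

# Constructed sample: an OnDemandRules array as assumed for an Apple VPN
# payload. Values are illustrative and do not come from a real tenant.
SAMPLE_RULES = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><array>
  <dict><key>Action</key><string>Disconnect</string>
    <key>SSIDMatch</key><array><string>Contoso-Corp</string></array></dict>
  <dict><key>Action</key><string>Disconnect</string>
    <key>DNSDomainMatch</key><array><string>*.corp.contoso.com</string></array></dict>
  <dict><key>Action</key><string>Connect</string>
    <key>URLStringProbe</key><string>https://audit.contoso.com/ok</string></dict>
  <dict><key>Action</key><string>Ignore</string></dict>
</array></plist>"""

def domain_matches(pattern, domain):
    # "*.example.com" matches any subdomain; anything else must match exactly.
    pattern, domain = pattern.lower(), domain.lower()
    if pattern.startswith("*."):
        return domain.endswith(pattern[1:])
    return domain == pattern

def rule_matches(rule, ssid, search_domains, probe_ok):
    # Every criterion present in a rule must hold; a rule with none matches all.
    if "SSIDMatch" in rule and ssid not in rule["SSIDMatch"]:
        return False
    if "DNSDomainMatch" in rule and not any(
            domain_matches(p, d) for p in rule["DNSDomainMatch"] for d in search_domains):
        return False
    if "URLStringProbe" in rule and not probe_ok(rule["URLStringProbe"]):
        return False
    return True

def evaluate(rules, ssid=None, search_domains=(), probe_ok=lambda url: False):
    # probe_ok(url) must return True only when the URL was fetched without
    # redirection; it is injected so the check runs offline.
    for index, rule in enumerate(rules):
        if rule_matches(rule, ssid, search_domains, probe_ok):
            return index, rule["Action"]
    return None, None  # no rule matched

RULES = plistlib.loads(SAMPLE_RULES)

if __name__ == "__main__":
    print(evaluate(RULES, ssid="Hotel-Guest", probe_ok=lambda url: True))
```

Running the same rule list against each network context you care about (corporate Wi-Fi, a guest network behind a captive portal that redirects the probe, a network where the probe succeeds) shows which rule fires first and whether the catch-all at the end is ever reached.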

Proxy settings

  • Automatic configuration script: Use a file to configure the proxy server. Enter the Proxy server URL (for example http://proxy.contoso.com) that contains the configuration file.
  • Address: Enter the IP address or fully qualified host name of the proxy server.
  • Port number: Enter the port number associated with the proxy server.

Next step

Create VPN profiles in Intune