Reset Search
 

 

Article

KB40360 - VPN On Demand with Pulse WorkSpace and Pulse Connect Secure

« Go Back

Information

 
Last Modified Date10/26/2016 5:57 PM
Synopsis
This articles provides information about the VPN On Demand (VOD) feature with iOS and configuration steps with Pulse WorkSpace and Pulse Connect Secure.
Problem or Goal
Cause
Solution

Prerequisites:

  • Pulse WorkSpace with VPN Certificate Auth and VPN Safari Domains configured
  • Pulse Connect Secure with certificate auth configured
  • Device certificate from the PCS device must be trusted by iOS device.  If a private CA or self-signed certificate is being utilized, the root certificate / self-signed certificate must be installed on all endpoints.

The following article will highlights the important steps needed to configure VPN On Demand with Pulse WorkSpace and Pulse Connect Secure.  For detailed step-by-step instructions how to configure a L4 (Per-App VPN) or L3 tunnel, please refer to the following knowledge base articles:


Pulse WorkSpace Configuration:

For VOD to work properly, a client certificate must be issued to each WorkSpace endpoint and VPN Safari Domains must be configured via the policy.  These options can be found in the WorkSpace Policy under Properties > VPN.
User-added image
 
  1. Under the VPN section, locate VPN Certificate Auth and click Edit icon on the right side.  Click the radio button for True
     
User-added image
  1. Locate VPN Safari Domains and click the Edit icon on the right side. Enter the list of domain names to trigger VPN On Demand.  
Note:  Use a * (wildcard) to cover multiple subdomains.
User-added image
 
  1. In the upper right hand corner, click the gear icon and select VPN cert.

User-added image

 

  1. Under VPN Certificate, click the download cert link.
User-added image

This certificate will need to be installed on the PCS device with the steps below.


Pulse Connect Secure configuration:

  1. Login to PCS admin console
  2. Navigate to Configuration > Certificates > Trusted Client CAs
  3. Click Import CA Certificate
User-added image
  1. Click Browse
  2. Navigate to the VPN certificate exported from Pulse WorkSpace (above)
  3. Click Import Certificate
  4. From the top menu bar, navigate to Authentication > Auth. Servers.
User-added image
  1. From the New drop-down menu, select Certificate Server.
User-added image
  1. Click New Server.
User-added image
  1. In the Name field, enter a friendly name for the auth server.
    • Default value for User name template is recommended, but may be change if common name (CN) does not met your need.
User-added image
  1. Click Save Changes.
  2. From the top menu bar, navigate to Users > User Realms > User Realms.
  3. From the list of User Realms, select the corresponding User Realm used for L3 or L4 connections.
  4. Under Servers, select the certificate auth server from the authentication drop-down menu.
User-added image
Related Links
Attachment 1 
Created ByK. Kitajima

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255