Chapter 1 Deploying iPhone and iPod touch
WPA/WPA2 Enterprise Network Configuration
• Verify network appliances for compatibility and select an authentication type (EAP
type) supported by iPhone and iPod touch. Make sure that 802.1X is enabled on the
authentication server, and if necessary, install a server certificate and assign network
access permissions to users and groups.
• Configure wireless access points for 802.1X authentication and enter the
corresponding RADIUS server information.
• Test your 802.1X deployment with a Mac or a PC to make sure RADIUS authentication
is properly configured.
• If you plan to use certificate-based authentication, make sure you have your public
key infrastructure configured to support device and user-based certificates with the
corresponding key distribution process.
• Verify certificate format and authentication server compatibility. iPhone and
iPod touch support PKCS1 (.cer, .crt, .der) and PKCS12 (.p12, .pfx).
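One way to carry out the certificate format check in the last step before files are distributed, shown as an added example that is not part of the original guide: it reads only the outer ASN.1 layers of a file and compares the container it finds with the file extension. The function names, the sample bytes, and the reporting of PEM-armored certificates as their own type are assumptions of this example.

```python
import base64
import os
import re
# Extensions the page lists for each supported container.
CERT_EXTS = {".cer", ".crt", ".der"}
PKCS12_EXTS = {".p12", ".pfx"}
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
# Constructed DER skeletons (outer structure only, not real credentials).
SAMPLE_CERT_DER = bytes.fromhex("3007" "3000" "3000" "030100")
SAMPLE_PFX = bytes.fromhex("3005" "020103" "3000")

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4:  # indefinite (BER) or oversized lengths: not handled
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, pos, pos + length

def sniff_format(data):
    """Classify bytes as 'x509-der', 'x509-pem', 'pkcs12' or 'unknown'."""
    try:
        m = PEM_RE.search(data)
        if m:
            der = base64.b64decode(b"".join(m.group(1).split()))
            return "x509-pem" if sniff_format(der) == "x509-der" else "unknown"
        tag, start, end = _read_tlv(data, 0)
        if tag != 0x30 or end != len(data):  # one SEQUENCE spanning the file
            return "unknown"
        first, vstart, vend = _read_tlv(data, start)
    except (ValueError, IndexError):
        return "unknown"
    if first == 0x30:  # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE, ... }
        return "x509-der"
    if first == 0x02 and data[vstart:vend] == b"\x03":  # PFX version INTEGER 3
        return "pkcs12"
    return "unknown"

def check_file(name, data):
    """Return (format, ok); ok means the extension matches the container found."""
    fmt, ext = sniff_format(data), os.path.splitext(name)[1].lower()
    wanted = CERT_EXTS if fmt.startswith("x509") else PKCS12_EXTS if fmt == "pkcs12" else set()
    return fmt, ext in wanted
```

This is a shallow structural check, not validation: a DER-encoded certificate signing request has the same outer shape as a certificate, so treat "x509-der" as plausible and confirm with a full X.509 parser before distribution.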
Virtual Private Networks
Secure access to private networks is supported on iPhone and iPod touch using Cisco
IPSec, L2TP over IPSec, and PPTP virtual private network protocols. If your organization
supports one of these protocols, no additional network configuration or third-party
applications are required to use your devices with your VPN infrastructure.
Cisco IPSec deployments can take advantage of certificate-based authentication via
industry-standard X.509 digital certificates (PKCS1, PKCS12). For two-factor token-based
authentication, iPhone and iPod touch support RSA SecurID and CryptoCard. Users
enter their PIN and token-generated, one-time password directly on their device when
establishing a VPN connection.
iPhone and iPod touch also support shared secret authentication for Cisco IPSec and
L2TP/IPSec deployments and MS-CHAPv2 for basic username and password
authentication.
VPN Setup Guidelines
• iPhone integrates with most existing VPN networks, so minimal configuration should
be necessary to enable iPhone access to your network. The best way to prepare for
deployment is to check whether your company’s existing VPN protocols and
authentication methods are supported by iPhone.
• Make sure your VPN concentrators comply with the relevant standards. It’s also a
good idea to review the authentication path to your RADIUS or authentication server
to make sure standards supported by iPhone are enabled within your implementation.
• Check with your solutions providers to confirm that your software and equipment
are up-to-date with the latest security patches and firmware.