In the Configuration Manager console, click Assets and Compliance.

In the Assets and Compliance workspace, expand Compliance Settings, expand Company Resource Access, and then click VPN Profiles.

On the Home tab, in the Create group, click Create VPN Profile.

On the General page of the Create VPN Profile Wizard, specify the following information:

• Name - Enter a unique name for the VPN profile. You can use a maximum of 256 characters.
  
  

  Important
  Do not use the characters \/:*?<>|, or the space character in the VPN profile name, because these characters are not supported by the Windows Server VPN profile.

• Description - Enter a description that gives an overview of the VPN profile and other relevant information that helps identify it in the Configuration Manager console. You can use a maximum of 256 characters.
  
  
• Import an existing VPN profile item from a file – Select this option to display the Import VPN Profile page. On this page, you can import VPN profile information for the Windows 8.1 and Windows RT operating systems that has previously been exported to an XML file.
  
  

On the Connection page of the Create VPN Profile Wizard, specify the following information:

• Connection type: From the drop-down list, select the connection type for the VPN connection. You can choose from the connection types in the following table that shows the platforms that each connection type supports.
  
  

  Connection type	iOS	Windows 8.1	Windows RT	Windows RT 8.1
  Cisco AnyConnect	Yes	No	No	No
  Juniper Pulse	Yes	Yes	No	Yes
  F5 Edge Client	Yes	Yes	No	Yes
  Dell SonicWALL Mobile Connect	Yes	Yes	No	Yes
  Check Point Mobile VPN	Yes	Yes	No	Yes
  Microsoft SSL (SSTP)	No	Yes	Yes	Yes
  Microsoft Automatic	No	Yes	Yes	Yes
  IKEv2	No	Yes	Yes	Yes
  PPTP	Yes	Yes	Yes	Yes
  L2TP	Yes	Yes	Yes	Yes

  Note

  Computers that run the x86 or x64 versions of Windows 8.1 support automatic VPN connections. However, you cannot use the option Use an automatic VPN connection (if configured), in the Create Application Wizard to associate the application with a VPN profile. In this case, you can configure a VPN profile to establish an automatic connection from the Create VPN Profile Wizard or import an XML VPN profile.

• Server list: Click Add to add a new VPN server to use for the VPN connection. Depending on the connection type, you can add one or more VPN servers and also specify which server is to be the default server.
  
  

  Note
  Devices that run iOS do not support using multiple VPN servers. If you configure multiple VPN servers and then deploy the VPN profile to an iOS device, only the default server is used.

The further options in the following table might be displayed, which depends on the connection type that you selected. See the VPN server documentation for more information about these options.

On the Authentication Method page of the Create VPN Profile Wizard, specify the following information:

• Authentication method: From the drop-down list, select the authentication method that the VPN connection will use. The items in the drop-down list might differ; they depend on the connection type that you previously selected. The available authentication methods and the supported connection types are listed in the following table.
  
  

  Authentication method	Supported connection types
  Certificates Tip If the client certificate is used to authenticate to a RADIUS server, such as a Network Policy Server, the Subject Alternative Name in the certificate must be set to the User Principal Name.	Cisco AnyConnect, Juniper Pulse, F5 Edge Client, Dell SonicWALL Mobile Connect, Check Point Mobile VPN
  User name and Password	Juniper Pulse, F5 Edge Client, Dell SonicWALL Mobile Connect, Check Point Mobile VPN
  Microsoft EAP-TTLS	Microsoft SSL (SSTP), Microsoft Automatic, IKEv2, PPTP, L2TP
  Microsoft protected EAP (PEAP)	Microsoft SSL (SSTP), Microsoft Automatic, IKEv2, PPTP, L2TP
  Microsoft secured password (EAP-MSCHAP v2)	Microsoft SSL (SSTP), Microsoft Automatic, IKEv2, PPTP, L2TP
  Smart Card or other certificate	Microsoft SSL (SSTP), Microsoft Automatic, IKEv2, PPTP, L2TP
  MSCHAP v2	Microsoft SSL (SSTP), Microsoft Automatic, PPTP, L2TP
  RSA SecurID	Microsoft SSL (SSTP), Microsoft Automatic, PPTP, L2TP
  Use machine certificates	IKEv2

• Remember the user credentials at each logon: Select this option to ensure that the user credentials are remembered so that the user does not have to enter credentials each time a connection is established.
  
  

On the Proxy Settings page of the Create VPN Profile Wizard, select the Configure proxy settings for this VPN profile check box if your VPN connection uses a proxy server.

Specify details about your proxy server and its settings. For more information, see the Windows Server documentation.

On the Automatic VPN page of the Create VPN Profile Wizard, select Enable VPN on-demand if you want users to establish an automatic VPN connection.

Click Add to add a DNS suffix, DNS server addresses, and to specify the on-demand action that occurs when users connect to that domain.

Note
The on-demand action Establish if needed is not applicable to devices that run Windows.

If a DNS suffix is specified without a corresponding DNS server address, the automatic VPN connection is not established when the resource in the suffix is accessed.

When you specify a DNS suffix, the VPN connection also opens when any resource in a subdomain of that domain is accessed.

Specify further options for Windows devices only, such as the trusted network list and the suffix search list. Even if you do not configure a DNS suffix, the DNS server name and an action, you can still configure the trusted server list. These networks are to be used when you configure an application to automatically establish a VPN connection. For more details about configuring an application to automatically establish a VPN connection, see How to Create Applications in Configuration Manager.

On the Supported Platforms page of the Create VPN Profile Wizard, select the operating systems on which the VPN profile will be installed, or click Select all to install the VPN profile on all available operating systems.