General Discussion: Bypass VPN

  • Wednesday, June 10, 2009 12:31 PM, Jun1or
     

    Hello All

    We have an SCMDM environment set up in our organisation; each mobile device connects via VPN to access company resources.

    My question: is it possible to bypass the VPN to access the Internet? We need users to access a particular website without coming in over the VPN then going out to the Internet.

    Any help is appreciated.

    Thanks
    Jun1or

All Replies

  • Wednesday, June 10, 2009 12:47 PM, Andreas Helland
     
    Windows Mobile does not support split-tunneling (nor multiple APNs connected simultaneously), so if you don't want the traffic to pass over the VPN you might want to give users the option to disable VPN. Now this may not be practical, I realize, but it's the easiest option. But why do you not want the website to be accessed over VPN? Is it scaling issues like the amount of traffic going over your regular internet connection? (Like surfing YouTube.) Or is it something like the proxy at the company is blocking this particular site?
  • Wednesday, June 10, 2009 1:06 PM, Jun1or
     
    Thanks for the prompt reply.

    We want to give users access to a site/web application (developed in-house) which is HTTPS and has SSL certificates; since the VPN is also using SSL, we think there will be issues.
  • Wednesday, June 10, 2009 1:30 PM, Andreas Helland
     
    There shouldn't be any issues. The VPN tunnel is IPSec-based, with certificates for authentication. The device will not confuse these certificates with certificates used in other scenarios. Accessing HTTPS sites is no problem, and it should also work with client certificates if necessary.
  • Wednesday, June 10, 2009 1:52 PM, Jun1or
     
    Thanks for your help on this, Andreas. I will see how the pilot run goes.
  • Wednesday, June 10, 2009 11:36 PM, Wayne Phillips (MVP, Moderator)
     

    I just want to back up Andreas' comments. The VPN tunnel has been built to handle any traffic including HTTPS, SSL and TLS. ActiveSync uses HTTPS, MDM Policies use HTTPS, MDM Software Distribution can use HTTPS, so if you have MDM policies and mail configured you are already using SSL through IPSEC security. Running SSL traffic through the IPSEC tunnel is promoted by Microsoft, and they refer to it as "Double Envelope" security. For confirmation, do a search for "mdm double envelope security".

    Problems might occur if you are using a Proxy Server for Internet Traffic. Although the solution does not cater for Split Tunnelling, you can configure which websites go through the Proxy and which don't.

    Cheers Wayne
    Airloom