Should enterprises implement a mandatory iPhone VPN?
I've heard that some vendors are beginning to offer VPN support for the iPhone. We have a number of iPhone users in our organization. At what point should we consider a mandatory iPhone VPN?
The iPhone actually includes a built-in VPN client that supports standard PPTP and L2TP VPNs. Unless your organization only supports IPsec VPN connections, you should be able to configure the iPhone to access your existing corporate VPN. You can access the iPhone's VPN capability by choosing General → Network → VPN from the Settings screen. If you have no choice other than IPsec, hold on to your seat. Apple is promising to support the Cisco IPsec VPN client in version 2.0 of the iPhone software, due out this summer.
The decision about mandating VPN usage depends upon your organization's security requirements. Mandatory VPNs are worth considering in the following circumstances:
You use content filtering on your network and wish to limit the network access of iPhone users.
You're concerned about users accessing unencrypted services on a public network and wish to provide a secure tunnel back to your corporate network.
When it comes to making decisions about VPN use, there's honestly not much difference between an iPhone and any other computing device. If you require VPN connections for all travelling laptops, it probably makes sense to also require them for iPhones. If you allow travelling users to access the Internet directly, you can implement the same policy for iPhones.
More information:A reader asks Mike Chapple, "How expensive are IPsec VPN setup costs?"
Learn how a DMZ server and VPN are able to co-exist.
This was first published in April 2008