Export (0) Print
Expand All

Mobile VPN

Windows Mobile 6.5
4/8/2010

Windows Mobile provides the Mobile VPN as a virtual private network (VPN) component. Mobile VPN enables remote access from a Windows Mobile device to System Center Mobile Device Manager (MDM).

The following table describes some specific features of Mobile VPN.

Feature area Description

Automatic establishment

  • The VPN is established automatically when it is enabled.
  • If there is a disconnection, the VPN reconnects automatically. In order to conserve battery power, the reconnection retry process follows an exponential backoff algorithm.

Always on and push support

  • The VPN tunnel is always on when it is enabled.
  • When the VPN client detects network address translation (NAT) traversal in the network, it will send periodically keepalives to maintain the virtual connection over the network elements. Keepalives are sent as specified in the interval that is set by the administrator, or according to the NAT time-out interval detected. This depends on the administrator configuration.
  • In order to extend battery power, keepalive resend timers are reset when there is traffic flowing over the VPN.

Roaming considerations

  • The VPN is always on, even when the device is roaming.
  • In a roaming scenario, you can configure the VPN not to send keepalives in NAT traversal detection situations. In this case, push is not supported.
  • In a roaming scenario, VPN is always connected on demand. This is regardless of how you configure the VPN in relation to sending keepalives in NAT traversal detection situations.

Stability

  • Mobile VPN will always connect over the best possible connection to the Internet that is available at the point of establishment.
  • After it is connected, Mobile VPN will not automatically swap to another base connection, even if it is better. This is for stability reasons, as reconnection incurs traffic disruptions.

Relation to base connection

The Mobile VPN will propagate the characteristics of the base connection over which it is established. For example, if the base connection supports Wake on Incoming, the VPN will support Wake on Incoming.

Configuration

  • Initial configuration is performed during enrollment with the System Center Mobile Device Manager.
  • Reconfiguration is performed from Group Policy console by using the OM DM protocol.

Authentication

The authentication performed by Mobile VPN is based on certificates. The necessary device certificate is configured during enrollment with the System Center Mobile Device Manager.

Security

  • Internet access is not enabled while Mobile VPN is enabled but disconnected.
  • Internet access is enabled when Mobile VPN is disabled.

Technical Overview of Mobile VPN

Provides an overview of Mobile VPN.

Community Additions

ADD
Show:
© 2014 Microsoft