Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <VPNProfile>
- <NativeProfile>
- <Servers>vpn-1.contoso.com</Servers>
- <NativeProtocolType>IKEv2</NativeProtocolType>
- <Authentication>
- <MachineMethod>Certificate</MachineMethod>
- </Authentication>
- <RoutingPolicyType>SplitTunnel</RoutingPolicyType>
- <!-- disable the addition of a class based route for the assigned IP address on the VPN interface -->
- <DisableClassBasedDefaultRoute>true</DisableClassBasedDefaultRoute>
- </NativeProfile>
- <DomainNameInformation>
- <DomainName>.contoso.com</DomainName>
- <DnsServers>10.1.1.100,10.1.1.101,10.1.2.100</DnsServers>
- </DomainNameInformation>
- <DnsSuffix>contoso.com</DnsSuffix>
- <TrustedNetworkDetection>contoso.com</TrustedNetworkDetection>
- <!-- use host routes(/32) to prevent routing conflicts -->
- <Route>
- <Address>10.0.0.0</Address>
- <PrefixSize>8</PrefixSize>
- </Route>
- <Route>
- <Address>172.16.0.0</Address>
- <PrefixSize>12</PrefixSize>
- </Route>
- <Route>
- <Address>192.168.0.0</Address>
- <PrefixSize>16</PrefixSize>
- </Route>
- <!-- traffic filters for the routes specified above so that only this traffic can go over the device tunnel -->
- <TrafficFilter>
- <RemoteAddressRanges>10.0.0.0, 172.16.0.0, 192.168.0.0</RemoteAddressRanges>
- </TrafficFilter>
- <!-- need to specify always on = true -->
- <AlwaysOn>true</AlwaysOn>
- <!-- new node to specify that this is a device tunnel -->
- <DeviceTunnel>true</DeviceTunnel>
- <!--new node to register client IP address in DNS to enable manage out -->
- <RegisterDNS>true</RegisterDNS>
- <RememberCredentials>true</RememberCredentials>
- </VPNProfile>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
