In this guide, we are going to learn how to configure VPN Redirection. 

MDM integration has 2 types of behaviors:

  • Conditional Registration - Limiting registration to devices that are managed by the MDM vendor.
  • Conditional Access - Consistent validation that the device is managed and has not fallen out of compliance.

For Conditional Access, SkypeShield can function according to the following approaches:

  • WiFi - Registration can only be done from a WiFi network that requires a certificate in order to connect. The certificate is managed by the MDM.
  • SkypeShield Application - Registration can be performed only by using a specific SkypeShield (SkS) app that is available only from the corporate store/catalog to managed devices.
  • VPN Redirection - Registration can only be done from a device that is configured to work with a Split Tunnel VPN managed by the MDM.

VPN redirection is a feature that validates the user's access to the VPN before letting them sign in.

...

After the device performs lyncdiscover Skype autodiscovery, it will be redirected to a unique hostname that should trigger the split tunnel VPN.
That host will send traffic to the DMZ Bastion server via an internal IP address. That way, the LAC filter will be able to tell whether the traffic came from the VPN.

...

1. Navigate to the 'Registration' page in the Access Portal.

2. Set 'Require registration via VPN' to YES.

3. Add the appropriate values to the following attributes:

  • Front End pool FQDN - Your Skype for Business Front End pool.
  • VPN Host name for Bastion - The hostname that the user will be directed to after the autodiscovery. This hostname should be configured for the Split Tunnel VPN. It should also appear in the Bastion.xml configuration file.


4. Restart the Bastion service.