SCCM & AlwaysOn VPN Best Practice

%3CLINGO-SUB%20id%3D%22lingo-sub-1419863%22%20slang%3D%22en-US%22%3ESCCM%20%26amp%3B%20AlwaysOn%20VPN%20Best%20Practice%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1419863%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20there%2C%3C%2FP%3E%3CP%3EI'm%20looking%20for%20suggestions%20in%20order%20to%20deploy%20custom%20AlwaysOn%20vpn%20profile%20to%20my%20clients.%3C%2FP%3E%3CP%3EI%20have%20SCCM%20Current%20Branch%20and%20about%202k%20clients%20to%20manage.%3C%2FP%3E%3CP%3EI've%20successfully%20deployed%20AlwaysOn%20vpn%20custom%20profile%20by%20MEM%20but%20now%20I%20need%20to%20do%20the%20same%20with%20SCCM%20that%20I'm%20not%20so%20familiar%20with.%3C%2FP%3E%3CP%3EMy%20profile%20is%20composed%20by%20one%20PS1%20script%20and%20one%20xml%20configuration%20file%20with%20NRPT%20and%20custom%20IKEv2%20security%20baseline.%20Sometimes%20I%20need%20to%20edit%20the%20xml%20file%20in%20order%20to%20update%20NRTP%2C%20so%20I%20need%20to%20update%20client%20configuration.%20I%20need%20to%20deploy%20these%20setting%20to%20a%20User%20collection.%3C%2FP%3E%3CP%3EI%20tried%20to%20make%20a%20package%20with%20both%20files%2C%20first%20deploy%20were%20successfully%20but%20if%20I'll%20need%20to%20modify%20one%20of%20the%20files%20in%20the%20package%2C%20I%20should%20create%20a%20new%20package%20and%20a%20new%20deploy%20each%20time.%3C%2FP%3E%3CP%3EI%20tried%20with%20Compliance%20Settings%20%26gt%3B%20VPN%20profile%20but%20I%20can't%20upload%20my%20custom%20xml%20and%20the%20wizard%20doesn't%20allow%20to%20edit%20the%20IKEv2%20security.%3C%2FP%3E%3CP%3ELast%20test%20was%20with%20Application.%20In%20this%20case%20the%20configuration%20failed%20due%20to%20client%20user%20permission%20(ps1%20requires%20elevated%20but%20local%20user%20are%20not%20local%20administrator).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20anyone%20have%20done%20this%20before%3F%3C%2FP%3E%3CP%3EDoes%20anyone%20have%20any%20suggestion%20on%20this%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMany%20thanks!%3C%2FP%3E%3CP%3EFrancesco%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1419863%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESystem%20Center%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Occasional Contributor

Hi there,

I'm looking for suggestions in order to deploy custom AlwaysOn vpn profile to my clients.

I have SCCM Current Branch and about 2k clients to manage.

I've successfully deployed AlwaysOn vpn custom profile by MEM but now I need to do the same with SCCM that I'm not so familiar with.

My profile is composed by one PS1 script and one xml configuration file with NRPT and custom IKEv2 security baseline. Sometimes I need to edit the xml file in order to update NRTP, so I need to update client configuration. I need to deploy these setting to a User collection.

I tried to make a package with both files, first deploy were successfully but if I'll need to modify one of the files in the package, I should create a new package and a new deploy each time.

I tried with Compliance Settings > VPN profile but I can't upload my custom xml and the wizard doesn't allow to edit the IKEv2 security.

Last test was with Application. In this case the configuration failed due to client user permission (ps1 requires elevated but local user are not local administrator).

 

Does anyone have done this before?

Does anyone have any suggestion on this?

 

Many thanks!

Francesco

0 Replies