Windows Mobile provides Mobile VPN as its virtual private network (VPN) component. Mobile VPN enables remote access from a Windows Mobile device to System Center Mobile Device Manager (MDM).
The following table describes some specific features of Mobile VPN.
| Feature area | Description |
| --- | --- |
| Automatic establishment | The VPN is established automatically when it is enabled. If there is a disconnection, the VPN reconnects automatically. To conserve battery power, the reconnection retry process follows an exponential backoff algorithm. |
| Always on and push support | The VPN tunnel is always on when it is enabled. When the VPN client detects network address translation (NAT) traversal in the network, it periodically sends keepalives to maintain the virtual connection over the network elements. Keepalives are sent either at the interval set by the administrator or according to the detected NAT time-out interval, depending on the administrator configuration. To extend battery power, keepalive resend timers are reset when there is traffic flowing over the VPN. |
| Roaming considerations | The VPN is always on, even when the device is roaming. In a roaming scenario, you can configure the VPN not to send keepalives in NAT traversal detection situations. In this case, push is not supported. In a roaming scenario, the VPN is always connected on demand, regardless of how you configure it to send keepalives in NAT traversal detection situations. |
| Stability | Mobile VPN always connects over the best possible connection to the Internet that is available at the point of establishment. After it is connected, Mobile VPN does not automatically swap to another base connection, even if it is better. This is for stability reasons, because reconnection disrupts traffic. |
| Relation to base connection | Mobile VPN propagates the characteristics of the base connection over which it is established. For example, if the base connection supports Wake on Incoming, the VPN supports Wake on Incoming. |
| Configuration | Initial configuration is performed during enrollment with System Center Mobile Device Manager. Reconfiguration is performed from the Group Policy console by using the OMA DM protocol. |
| Authentication | The authentication performed by Mobile VPN is based on certificates. The necessary device certificate is configured during enrollment with System Center Mobile Device Manager. |
| Security | Internet access is not enabled while Mobile VPN is enabled but disconnected. Internet access is enabled when Mobile VPN is disabled. |
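
The keepalive behaviour in the table (timers reset by traffic, an interval tied to the NAT time-out, and no push when keepalives are turned off while roaming) can be modelled as follows. This is an added example, not Mobile VPN code; the function name, the assumption that any outbound packet refreshes the NAT mapping, and all timing values are constructed for illustration.

```python
# Added model, not Mobile VPN source. All times are constructed values in seconds.
# Assumption: any outbound packet (traffic or keepalive) refreshes the NAT mapping.

def simulate(duration, traffic_times, keepalive_interval, nat_timeout):
    """Return (keepalive_times, push_lost_at).

    keepalive_interval=None models the roaming option of sending no keepalives.
    push_lost_at is the first time the NAT mapping has been idle for longer than
    nat_timeout, after which server-initiated (push) traffic cannot reach the
    device until it sends something itself; None if that never happens.
    """
    if keepalive_interval is not None and keepalive_interval <= 0:
        raise ValueError("keepalive_interval must be positive or None")
    traffic = sorted(t for t in traffic_times if 0 <= t <= duration)
    keepalives, push_lost_at = [], None
    last_packet, i = 0, 0  # tunnel establishment at t=0 creates the mapping
    while True:
        next_traffic = traffic[i] if i < len(traffic) else None
        next_keepalive = None
        if keepalive_interval is not None:
            # The timer counts from the last packet, so traffic resets it.
            next_keepalive = last_packet + keepalive_interval
        pending = [t for t in (next_traffic, next_keepalive)
                   if t is not None and t <= duration]
        event = min(pending) if pending else duration
        if push_lost_at is None and event - last_packet > nat_timeout:
            push_lost_at = last_packet + nat_timeout
        if not pending:
            return keepalives, push_lost_at
        if event == next_traffic:
            i += 1                    # real traffic, no keepalive needed
        else:
            keepalives.append(event)
        last_packet = event


if __name__ == "__main__":
    scenarios = {
        "idle, keepalive 45s": ([], 45),
        "traffic every 30s until t=120": ([30, 60, 90, 120], 45),
        "interval above NAT time-out": ([], 90),
        "roaming, keepalives off": ([], None),
    }
    for name, (traffic, interval) in scenarios.items():
        sent, lost = simulate(300, traffic, interval, nat_timeout=60)
        print(f"{name}: keepalives={sent} push_lost_at={lost}")
```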