The following plist example:


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
        "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
	<dict>
		<key>PayloadContent</key>
		<array>
			<dict>
				<key>Password</key>
				<string>aPassword</string>
				<key>PayloadCertificateFileName</key>
				<string>user.cert.p12</string>
				<key>PayloadContent</key>
				<data>
                    ...
                </data>
				<key>PayloadDescription</key>
				<string>PKCS#12</string>
				<key>PayloadDisplayName</key>
				<string>user.cert.p12</string>
				<key>PayloadIdentifier</key>
				<string>com.apple.security.pkcs12.5c0c7855-a8d9-4c86-8a21-efec8335105a</string>
				<key>PayloadType</key>
				<string>com.apple.security.pkcs12</string>
				<key>PayloadUUID</key>
				<string>5c0c7855-a8d9-4c86-8a21-efec8335105a</string>
				<key>PayloadVersion</key>
				<integer>1</integer>
			</dict>
			<dict>
				<key>PayloadCertificateFileName</key>
				<string>ca.cer</string>
				<key>PayloadContent</key>
				<data>
                    ...
                </data>
				<key>PayloadDescription</key>
				<string>CA</string>
				<key>PayloadDisplayName</key>
				<string>Root CA</string>
				<key>PayloadIdentifier</key>
				<string>com.apple.security.root.459bbd09-6891-4b55-934a-88ffc5d89f1f</string>
				<key>PayloadType</key>
				<string>com.apple.security.root</string>
				<key>PayloadUUID</key>
				<string>459bbd09-6891-4b55-934a-88ffc5d89f1f</string>
				<key>PayloadVersion</key>
				<integer>1</integer>
			</dict>
			<dict>
				<key>IKEv2</key>
				<dict>
					<key>AuthenticationMethod</key>
					<string>Certificate</string>
					<key>ChildSecurityAssociationParameters</key>
					<dict>
						<key>DiffieHellmanGroup</key>
						<integer>14</integer>
						<key>EncryptionAlgorithm</key>
						<string>3DES</string>
						<key>IntegrityAlgorithm</key>
						<string>SHA1-96</string>
						<key>LifeTimeInMinutes</key>
						<integer>1440</integer>
					</dict>
					<key>DeadPeerDetectionRate</key>
					<string>Medium</string>
					<key>DisableMOBIKE</key>
					<integer>0</integer>
					<key>DisableRedirect</key>
					<integer>0</integer>
					<key>EnableCertificateRevocationCheck</key>
					<integer>0</integer>
					<key>EnablePFS</key>
					<integer>1</integer>
					<key>IKESecurityAssociationParameters</key>
					<dict>
						<key>DiffieHellmanGroup</key>
						<integer>14</integer>
						<key>EncryptionAlgorithm</key>
						<string>3DES</string>
						<key>IntegrityAlgorithm</key>
						<string>SHA1-96</string>
						<key>LifeTimeInMinutes</key>
						<integer>1440</integer>
					</dict>
					<key>OnDemandEnabled</key>
					<integer>1</integer>
					<key>LocalIdentifier</key>
					<string>user@example.com</string>
					<key>PayloadCertificateUUID</key>
					<string>5c0c7855-a8d9-4c86-8a21-efec8335105a</string>
					<key>RemoteAddress</key>
					<string>vpn.example.com</string>
					<key>RemoteIdentifier</key>
					<string>vpn.example.com</string>
					<key>UseConfigurationAttributeInternalIPSubnet</key>
					<integer>0</integer>
				</dict>
				<key>IPv4</key>
				<dict>
					<key>OverridePrimary</key>
					<integer>1</integer>
				</dict>
				<key>VPNUUID</key>
				<string>4dfdca51-aea1-461b-9a76-d24e8a2f9c07</string>
				<key>OnDemandMatchAppEnabled</key>
				<true/>
				<key>SafariDomains</key>
				<array>
					<string>internal.lan</string>
				</array>
				<key>CalendarDomains</key>
				<array>
					<string>internal.lan</string>
					<string>outlook.internal.lan</string>
				</array>
				<key>ContactsDomains</key>
				<array>
					<string>internal.lan</string>
					<string>outlook.internal.lan</string>
				</array>
				<key>MailDomains</key>
				<array>
					<string>internal.lan</string>
					<string>outlook.internal.lan</string>
				</array>
				<key>PayloadDescription</key>
				<string>Configures VPN settings</string>
				<key>PayloadDisplayName</key>
				<string>VPN</string>
				<key>PayloadIdentifier</key>
				<string>com.apple.vpn.managed.applayer.ebec689e-6c37-4344-a590-09fe4a22f436</string>
				<key>PayloadType</key>
				<string>com.apple.vpn.managed.applayer</string>
				<key>PayloadUUID</key>
				<string>ebec689e-6c37-4344-a590-09fe4a22f436</string>
				<key>PayloadVersion</key>
				<integer>1</integer>
				<key>Proxies</key>
				<dict>
					<key>HTTPEnable</key>
					<integer>0</integer>
					<key>HTTPSEnable</key>
					<integer>0</integer>
				</dict>
				<key>UserDefinedName</key>
				<string>MDM VPN</string>
				<key>VPNType</key>
				<string>IKEv2</string>
				<key>VPN</key>
				<dict>
					<key>ProviderType</key>
					<string>packet-tunnel</string>
				</dict>
			</dict>
			<dict>
				<key>PayloadCertificateFileName</key>
				<string>server.cer</string>
				<key>PayloadContent</key>
				<data>
                    ...
                </data>
				<key>PayloadDescription</key>
				<string>PKCS#1</string>
				<key>PayloadDisplayName</key>
				<string>vpn.example.com</string>
				<key>PayloadIdentifier</key>
				<string>com.apple.security.pkcs1.fde58f43-2481-487d-8fa2-181746f271ba</string>
				<key>PayloadType</key>
				<string>com.apple.security.pkcs1</string>
				<key>PayloadUUID</key>
				<string>fde58f43-2481-487d-8fa2-181746f271ba</string>
				<key>PayloadVersion</key>
				<integer>1</integer>
			</dict>
		</array>
		<key>PayloadDisplayName</key>
		<string>VPN</string>
		<key>PayloadIdentifier</key>
		<string>com.mdm.vpn_configuration</string>
		<key>PayloadRemovalDisallowed</key>
		<false/>
		<key>PayloadType</key>
		<string>Configuration</string>
		<key>PayloadUUID</key>
		<string>af33af1b-3b7c-4a01-8e98-3c2e4fd47fc3</string>
		<key>PayloadVersion</key>
		<integer>1</integer>
	</dict>
</plist>