Secure Mobile Access 12.4 Connect Tunnel User Guide
Table of Contents
Launching VPN Connection using Device VPN
This section provides information on connecting to the VPN tunnel using Device VPN.
Device VPN
Device VPN provides VPN access to a device on boot. VPN access is expected to be always available and limited to critical common resources that provide basic network access, logon, remote management, and remediation services (for devices lacking capability). For example, DNS, PDC, Windows Update and other critical services. The Device VPN session is non-interactive and establishes a VPN connection in background.
Enabling Device VPN on Connect Tunnel
Device VPN is enabled by administrator in the SMA appliance. On subsequent connection of Connect Tunnel to the SMA appliance, this Device VPN policy is pushed to the client and gets enabled in the Connect Tunnel.
Launching a VPN connection
A Device VPN is automatically established between the user’s device and the appliance on system boot. After the user logs on to Windows user session, a User VPN is established based on the user’s credentials.
A user must disconnect from User VPN to login to another user realm or to disable Device VPN altogether.
Based on the administrator configuration in the SMA appliance, the Device VPN and User VPN feature may differ in the Connect Tunnel as below:
- The disconnect option is enabled by default to allow user to disconnect from User VPN, unless the administrator disables the disconnect option in the Device VPN configuration.
- Network access is allowed by default when VPN is not connected unless the admin restricts the network access in the Device VPN configuration.
- An User VPN is automatically established on user logon irrespective of whether device is in secure network or not. An administrator can disable this in the Device VPN configuration so that a User VPN is only established when in non-secure network.
For more information about the Configuration a Device VPN connection on Connect Tunnel refer to the section Configuring a Device VPN connection.
For more information about the Device VPN and Device VPN endpoint enrollment, refer to the sections Device VPN and Device VPN endpoint enrollment in the SMA 1000 Administration Guide.
