I do have a question regarding the combination of Windows AO-VPN and IDC.
Our Windows AO-VPN solution on our Windows Endpoints consists of 2 tunnels.
1. Device Tunnel (is initiated when Windows boots and before the user logs in)
2. User Tunnel (is initiated after the user logs in to Windows)
The Device Tunnel is there purely for management purposes (getting (AV)/Windows updates etc.). The User Tunnel gets the corresponding routes which the user needs.
However, in SmartConsole I see in the logs that the traffic which the user initiates does not have a source-username log entry.
Investigating it further, I see that the username of the corresponding user that has logged in to the endpoint is correlated with the Device-Tunnel IP address. However, that IP is not used for resources behind the VPN.
The IDC is working correctly for internal traffic, but as the remote endpoint gets 2 IP addresses, IDC only correlates the Device IP instead of the User-Tunnel IP.
Currently the traffic flow is as follows:
- Device boots
- Windows starts up and the Device-Tunnel is initiated -> IP 10.10.10.1 is assigned.
- User logs in to Windows; before the User-Tunnel is initiated, the IDC correlates the Device-Tunnel IP with the logged-in user (which is what gets into the AD event logs), so until here everything works correctly
- User-Tunnel is automatically initiated after user login and traffic to on-prem resources flows via the User-Tunnel (IP 10.10.10.2)
So what we would actually like to establish is that 10.10.10.2 is correlated in SmartConsole with the Windows username. However, I doubt if that is possible as the real login on the Windows endpoint happens before. Hopefully anybody here can point me in the right direction.