{"id":8927,"date":"2020-06-16T02:15:00","date_gmt":"2020-06-16T02:15:00","guid":{"rendered":"https:\/\/clouddnagroup.com\/?p=8927"},"modified":"2023-06-23T09:33:46","modified_gmt":"2023-06-23T09:33:46","slug":"citrix-adc-alwayson-vpn","status":"publish","type":"post","link":"https:\/\/clouddnagroup.com\/2020\/06\/16\/citrix-adc-alwayson-vpn\/","title":{"rendered":"How Citrix ADC AlwaysOn VPN Works"},"content":{"rendered":"

As more users are working from home than ever before, the demands on Enterprise IT to deliver end user devices have become more complex. During this time cloudDNA has seen an increase in the number of customers requesting the capability to manage connectivity into the Enterprise when connected by a Virtual Private Network (VPN).<\/p>\n

Customers still require a seamless user experience and a robust mechanism for central IT to manage the device, but cases that can prevent users from being given access come to the fore when the user has never been to the office or the device is newly built.<\/p>\n

The usual method of allowing VPN users to connect remotely into the environment is to install a software agent on the device and ask the user to run the software whenever they need to connect to the corporate network. This is adequate for users who have sat at their machines in the office and have then taken them home with cached credentials, but what about new devices shipped to users? Or new users who have never set foot in the office? Nor does it address security concerns that may require changes to take effect immediately, such as Group Policy, password expiry or software updates.<\/p>\n

Traditionally, if a new user could not get into the office to receive a new device, central IT would have to log into the machine as the user to cache credentials, and then share those access details with the user for logon later. This is neither desirable nor good practice.<\/p>\n

To address these issues, Citrix AlwaysON VPN connectivity creates a \u2018machine-based\u2019 VPN tunnel that is always connected to the Citrix Gateway, even before the user logs on to the device. This creates a connection to the enterprise without user intervention and allows support to monitor the device without the user having to log in.<\/p>\n

Citrix AlwaysON VPN first appeared in NetScaler firmware build version 11.1, but Citrix now specifies a newer minimum version requirement dependent on the functionality required and the method of implementation. With the introduction of Citrix ADC firmware build 13.0, this has been further enhanced to provide functionality and options based on a User connection.<\/p>\n

Citrix AlwaysON VPN using Classic Policy<\/strong><\/p>\n

Based on Device Certificates as the measure of trust, the device attempts to build a VPN tunnelled connection to the Citrix Gateway as soon as the machine is powered on, without any user interaction.<\/p>\n

This requires firmware version 12.0.51.24 or later.<\/p>\n


This enables a core set of functionalities.<\/p>\n