VPN with Citrix NetScaler IV – AlwaysON
Enabling AlwaysON in Citrix ADC lets us bring up the VPN connection automatically, with no end-user interaction, which makes our connections completely transparent. That is what we will see in this latest installment of the series on deploying VPN with Citrix NetScaler Gateway and some of its possibilities.
To enable AlwaysON, open the session profile of the NetScaler Gateway Virtual Server and, in “Client Experience”, click “Add” next to AlwaysON Profile Name.
We give it a name, indicate from where we will enable the connections, whether we want to have control of the client, and the type of network access allowed in case of problems with the VPN. Click “Create”, and then leave the Virtual Server with “Done”.
After a restart, the computers will by default connect to the VPN automatically once the user has logged in to Windows, without any interaction.
AlwaysON works as follows:
- The user turns on their computer and the device VPN tunnel is established through the NetScaler Gateway, using the device certificate as the identity.
- Because the machine is already connected through the tunnel, the user logs in to the computer with their AD credentials, which are validated against our DCs.
- After login, the user may be prompted for MFA.
- Finally, after successful authentication, the device VPN tunnel is replaced by the user tunnel. With it, the user can reach the network resources needed to work.
- When the user logs off, the user tunnel is replaced with the device tunnel.
There are several options for configuring AlwaysON on our workstations. The behavior depends on a registry key under “HKLM\Software\Citrix\Secure Access Client” called “AlwaysOnService”, of type REG_DWORD.
- If the value is '1', the device VPN tunnel will be established but not the user VPN tunnel.
- If the value is '2', the device tunnel is established and then replaced by the user tunnel after a successful logon in Windows.
- Without the 'AlwaysOnService' key, only the user tunnel will be used.
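To check or set this value on a workstation, the following PowerShell can be used. It is an added example, not part of the original article or of Citrix tooling; the function names Get-AlwaysOnMode and Set-AlwaysOnMode are hypothetical, and the script assumes the registry path and the three cases exactly as listed above.

```powershell
# Added example: audit and set the AlwaysOnService value described in the article.
# Function names are hypothetical; path and value meanings are taken from the article.
$KeyPath   = 'HKLM:\Software\Citrix\Secure Access Client'
$ValueName = 'AlwaysOnService'

function Get-AlwaysOnMode {
    # Reports which of the article's three cases applies on this machine.
    param([string]$Path = $KeyPath)

    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key -or $key.GetValueNames() -notcontains $ValueName) {
        return [pscustomobject]@{ Value = $null; Mode = 'User tunnel only (value absent)'; Valid = $true }
    }

    # A value of the wrong type (for example REG_SZ "2") is flagged instead of trusted.
    $kind  = $key.GetValueKind($ValueName)
    $value = $key.GetValue($ValueName)
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        return [pscustomobject]@{ Value = $value; Mode = "Unexpected type $kind, expected REG_DWORD"; Valid = $false }
    }

    $mode = switch ($value) {
        1       { 'Device tunnel only' }
        2       { 'Device tunnel, replaced by user tunnel after Windows logon' }
        default { 'Value not covered by the article' }
    }
    [pscustomobject]@{ Value = $value; Mode = $mode; Valid = ($value -in 1, 2) }
}

function Set-AlwaysOnMode {
    # Needs an elevated session because the key lives under HKLM.
    param(
        [Parameter(Mandatory)][ValidateSet(1, 2)][int]$Value,
        [string]$Path = $KeyPath
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    New-ItemProperty -LiteralPath $Path -Name $ValueName -PropertyType DWord -Value $Value -Force | Out-Null
    Get-AlwaysOnMode -Path $Path
}

# Audit the current machine.
Get-AlwaysOnMode
```

Running `Set-AlwaysOnMode -Value 2` from an elevated prompt writes the value and returns the resulting mode, so the same output can be collected across workstations to spot machines that are still on the user tunnel only.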
Well, as always, I bid you a sincere farewell, wishing you all the best: that you can control and govern your systems as well as possible, that we raise our levels of security, and that we automate the maximum to work the minimum =). May it go well. Greetings!