Yes, the MAG can handle inbound VPN connections from the user PC using one of 3 VPN options: 1) Junos Pulse: This can be configured to provide L3 access from the client machine to the MAG unit, which will then allow the users access to the internal resources. This client includes the ability for you as an admin to create the tunnel based on location awareness rules, enable wireless suppression, and connect to SRX firewalls. 2) Network Connect: This is the legacy L3 VPN client on the SA systems. It connects to the MAG device, gets an IP, and allows users access to the LAN. 3) IKEv2: This uses your preferred IKE client to create the VPN to the MAG system and allow access to the LAN resources. All three are very viable solutions; if you are working on a new deployment for the MAG units, I would suggest Junos Pulse or IKEv2.
