Without visibility into Access Point A that could be hard to identify. By its nature, a tunnel will hide a lot of that information. On the MX600 side of things, they'll just see client A as a locally connected client with a lot of traffic. To dive deeper into that client's local connection you'd for sure have to look into the network with Access Point 'A'.
But what is he ultimately trying to accomplish? Can't he just use a policy to limit the traffic so he doesn't have to constantly investigate that kind of stuff?
Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.