From SEP system logs, it will show that it have mapped GUP entries, however, the usable GUP entries is listed 0.
16/05/2013 9:05:56 AM Information Number of ‘Group Update Provider Mapping entries usable by the client’ in the policy: 0
16/05/2013 9:03:46 AM Information Number of ‘Group Update Provider Mapping entries’ in the policy: 188
Check on the IP addressing shows that the VPN connection is using subnet mask 255.255.255.255
This is a point to point VPN connection and the IP address itself is a subnet 192.168.1.20/32
Thus, it will not be able to map to any GUP that is listed in the Explicit GUP list for subnet 192.168.1.0/24
The SEP client is working as per design.
Recommend workaround to use Location Awareness policy to redirect client connecting via VPN to Single GUP or the Public Symantec LiveUpdate servers.