Always connected VPN based on user type

Question

Hello,&nbsp;
If the computer running the "always connected" VPN has two different users, one local and another user belonging to the corporate domain. Is it possible to trigger the "always connected" VPN only when the domain user is logged and not when the local user is logged in?&nbsp;
Thanks.&nbsp;

ryan77777 · Answer

I'm not aware of a way to do so with built-in F5 functions... but thinking creatively, you could use a combination of logon/logoff scripts in Active Directory (think GPO) and DNS resolution. &nbsp;
Create a logon script for the domain user(s) that adds an entry to the local hosts file ( and resolve it to whatever - 127.0.0.99). When the user logs off, have the logoff script remove that local hosts file entry. &nbsp;
Then on the F5, create a Connectivity Profile that builds the tunnel when  resolves to the IP you specified above. In theory, when a domain user logs in, the VPN will be established. When a local user logs in, it will not. This is due to the availability of the name resolution.&nbsp;
Access -&gt; Connectivity / VPN -&gt; Connectivity -&gt; Profiles -&gt; [vpn profile name] -&gt; Edit Profile _&gt; Win/Mac Edge Client -&gt; Location DNS List&nbsp;
There are other concerns here (such as if the user doesn't log off properly - but if it's not a security concern, it's just user training in all likelihood).&nbsp;

Forum Discussion

Always connected VPN based on user type

Recent Discussions

Statistics ›› Analytics : HTTP : Overview

VS FORWARDING & ROUTE

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

Related Content

Vpn Always connected mode

Persist connection based on NTLM username

Site-to-Site Connectivity in F5 Distributed Cloud Network Connect – Reference Architecture

Security First, Performance Always: How F5 Drives Citrix VDI Excellence in Application Delivery

Cookie-based DDoS protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS