Forum Discussion

F5_Jeff's avatar
F5_Jeff
Icon for Cirrus rankCirrus
Jul 26, 2019

AD update when using VPN

Hi All,

 

We are currently having some concern when a user is outside the network. Here is the scenario.

 

A user is using outside network (wifi) to connect to F5 VPN. User is connected in the F5 VPN successfully using the credentials (user1/password1) configured in the AD. While connected to VPN, the user changed the password (password2) in the AD. The VPN credentials took effect immediately after logging-out then signing-in again in the VPN. However, the credentials used for their laptop did not update (still password1) . Because of this, some applications that reference the details in the laptop's domain controller were not accessible since their is a mismatch of data/considered as untrusted. What the user needs to do is connect to the internal network in the office for the laptop information to be updated.

 

Another user tested this scenario but instead of using F5, they used the CiscoVPN. Same steps. User just sign-out from the laptop (using change user setting) and input its new password. New password was accepted.

 

So our question is this, can F5 VPN push the updates of the AD to its VPN users? Which settings should we check to verify this,both on F5 and AD? How does the AD updates its changes and how will F5 forward this to the VPN users?

 

Thank you. Any information will be much appreciated.

 

3 Replies

Sort By
  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Jul 28, 2019

    to be honest i don't really see how the VPN software is involved here. except that the user is connected to the corporate network via it.

     

    you say the user changed the password, how does he / she do that?

  • F5_Jeff's avatar
    F5_Jeff
    Icon for Cirrus rankCirrus
    Jul 29, 2019

    Hi Boneyard,

     

    thank you for your taking the time to read my inquiry

     

    yes, you are correct. However, that is our question as well. The user is already connected to the corporate network but how come the laptop's password did not change when using F5 unlike the other VPN they used.

     

    Can this be related to routing from AD to the network VPN of F5?

     

    . The AD password is set to be changed every month for security purposes. They have an internal application that prompts the user to change their password. All applications will update password for the user except for the laptop's credential

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Aug 10, 2019

    what you suggest is pretty much the only thing i can think of, an issue of connectivity between machine and AD. or perhaps that internal application that handles the password change.