EX SSL-VPN: What is the reason for IP Address Conflict reported on cloned Windows Operating system

Description

EX SSL-VPN: What is the reason for IP Address Conflict reported on cloned Windows Operating system images?

Resolution

Question:

What is the reason for Ip Address Conflict reported on cloned Windows Operating system images?  Is this related to imaging process followed or related to Aventail for assigning same ip address to different clients.

Resolution/Workaround:

Most of the customers provide imaged pc's to their end users.  All imaging tools provide options to generate Unique Security Identifiers.  Aventail Connect Tunnel Client Installed and connected creates a Unique "Tunnel Identifier"  once logged in. 

Identified Imaging Issues:

  • Any imaging process that does not generate Unique Security Identifier would cause an issue related to duplicate Identifiers.
  • Tunnel Client Installed and tested for access would generate a Unique Tunnel Identifier. The base image with tested tunnel client when cloned would also duplicate the tunnel  Identifier. (Change of Operating System Unique Identifier during the imaging process would not change the Aventail Connect Identifier).
  • Aventail Tunnel Identifier is created and stored under registry settings.
  • Tunnel Clients should not  to be tried or tested on base images(before cloning).

Where does the Tunnel Identifier gets recorded in Registry:

  • HKEY_LOCAL_MACHINESOFTWAREAventail VPN ClientConnections   (Under connections we have Connect tunnel profiles which record information related to Tunnel Identifier.

          Image


What needs to be done for such imaging issues?

-Uninstall or  Reinstall of Tunnel Client would generate a Unique Tunnel Identifier with respect to Operating System Unique Identifier.
**Or the Customer could use any tools related to deleting of  Key Value- "TunnelIdentifier"  or deleting the entire "Connections" Key  from Registry.

**
Note: 

  • Any modifications to registry might lead to Operating System crash or BSOD.  Such modifications are to be done at customer / User discretion. SonicWall does not hold any responsibility for any manual changes attempted to modify Registry.  SonicWall recommends to use proper imaging system and proper tunnel installation for user access.
  • To identify such issues Technical Support team needs  users client side tunnel logs and Aventail VPN system health Information (AMC->logging).

Issue ID

SW10602

Related Articles

  • SMA100: How to generate CSR and import a signed certificate.
    Read More
  • How to change Default ssl port for SMA 100 series.
    Read More
  • SMA1000: Discontinued features in SMA1000 12.5.0 firmware.
    Read More

Categories

Secure Mobile Access
SMA 1000 Series
not finding your answers?
Ask the Community
was this article helpful?
YesNo