EX SSL-VPN: What is the reason for IP Address Conflict reported on cloned Windows Operating system

Description

EX SSL-VPN: What is the reason for IP Address Conflict reported on cloned Windows Operating system images?

Resolution

Question:

What is the reason for Ip Address Conflict reported on cloned Windows Operating system images?  Is this related to imaging process followed or related to Aventail for assigning same ip address to different clients.

Resolution/Workaround:

Most of the customers provide imaged pc's to their end users.  All imaging tools provide options to generate Unique Security Identifiers.  Aventail Connect Tunnel Client Installed and connected creates a Unique "Tunnel Identifier"  once logged in. 

Identified Imaging Issues:

  • Any imaging process that does not generate Unique Security Identifier would cause an issue related to duplicate Identifiers.
  • Tunnel Client Installed and tested for access would generate a Unique Tunnel Identifier. The base image with tested tunnel client when cloned would also duplicate the tunnel  Identifier. (Change of Operating System Unique Identifier during the imaging process would not change the Aventail Connect Identifier).
  • Aventail Tunnel Identifier is created and stored under registry settings.
  • Tunnel Clients should not  to be tried or tested on base images(before cloning).

Where does the Tunnel Identifier gets recorded in Registry:

  • HKEY_LOCAL_MACHINESOFTWAREAventail VPN ClientConnections   (Under connections we have Connect tunnel profiles which record information related to Tunnel Identifier.

          Image


What needs to be done for such imaging issues?

-Uninstall or  Reinstall of Tunnel Client would generate a Unique Tunnel Identifier with respect to Operating System Unique Identifier.
**Or the Customer could use any tools related to deleting of  Key Value- "TunnelIdentifier"  or deleting the entire "Connections" Key  from Registry.

**
Note: 

  • Any modifications to registry might lead to Operating System crash or BSOD.  Such modifications are to be done at customer / User discretion. SonicWall does not hold any responsibility for any manual changes attempted to modify Registry.  SonicWall recommends to use proper imaging system and proper tunnel installation for user access.
  • To identify such issues Technical Support team needs  users client side tunnel logs and Aventail VPN system health Information (AMC->logging).

Related Articles

  • How to download Client Installation package and the access agents from the appliance using WinSCP
    Read More
  • SMA 1000: How to update Advanced EPC Signatures to the Latest Version
    Read More
  • If OTP is enabled, NX disconnects after SMA100 Connect Agent installation
    Read More

Categories

Secure Mobile Access
SMA 1000 Series
not finding your answers?
Ask the Community
was this article helpful?
YesNo