EX SSL-VPN: What is the reason for IP Address Conflict reported on cloned Windows Operating system
03/26/2020 
7 
10464
DESCRIPTION:
EX SSL-VPN: What is the reason for IP Address Conflict reported on cloned Windows Operating system images?
RESOLUTION:
Question:
What is the reason for Ip Address Conflict reported on cloned Windows Operating system images? Is this related to imaging process followed or related to Aventail for assigning same ip address to different clients.
Resolution/Workaround:
Most of the customers provide imaged pc's to their end users. All imaging tools provide options to generate Unique Security Identifiers. Aventail Connect Tunnel Client Installed and connected creates a Unique "Tunnel Identifier" once logged in.
Identified Imaging Issues:
- Any imaging process that does not generate Unique Security Identifier would cause an issue related to duplicate Identifiers.
- Tunnel Client Installed and tested for access would generate a Unique Tunnel Identifier. The base image with tested tunnel client when cloned would also duplicate the tunnel Identifier. (Change of Operating System Unique Identifier during the imaging process would not change the Aventail Connect Identifier).
- Aventail Tunnel Identifier is created and stored under registry settings.
- Tunnel Clients should not to be tried or tested on base images(before cloning).
Where does the Tunnel Identifier gets recorded in Registry:
- HKEY_LOCAL_MACHINESOFTWAREAventail VPN ClientConnections (Under connections we have Connect tunnel profiles which record information related to Tunnel Identifier.
What needs to be done for such imaging issues?
-Uninstall or Reinstall of Tunnel Client would generate a Unique Tunnel Identifier with respect to Operating System Unique Identifier.
**Or the Customer could use any tools related to deleting of Key Value- "TunnelIdentifier" or deleting the entire "Connections" Key from Registry.
**
Note:
- Any modifications to registry might lead to Operating System crash or BSOD. Such modifications are to be done at customer / User discretion. SonicWall does not hold any responsibility for any manual changes attempted to modify Registry. SonicWall recommends to use proper imaging system and proper tunnel installation for user access.
- To identify such issues Technical Support team needs users client side tunnel logs and Aventail VPN system health Information (AMC->logging).
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Network Security ManagerModern Security Management for today’s security landscape
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
