SecureClient creating duplicate profile

[ldgunnink]

I have been having a problem with some of my SecureClient users where they are seeing a duplicate profile created. This profile is identical to the active profile, except it is appended with a "1" and any advanced options are not set.

They notice a problem because they are able to make a connection to the gateway, but are not able to access resources on the network. This is because the connectivity enhancements that are necessary are no longer marked in the duplicate profile.

Any ideas would be greatly appreciated. Thanks,

Loren Gunnink

[ldgunnink]

I recreated the problem on my own machine, though I am not sure exactly why it happened. Here is the message that came up:

"Your computer is trying to establish communication with a gateway for which you do not have a suitable Location Profile.

Do you wish to automatically create a new profile and continue?"

The new profile has different settings than the original:

Original profile:
Gateway: <set to specific gateway>
Advanced options: Office Mode, Connectivity Enhancements, Visitor Mode

New profile:
Gateway: <Any Gateway>
Advanced options: Office Mode, Connectivity Enhancements, Use NAT traversal tunneling (and its sub-options)


I think these differences in the profile properties are what causes the problems for my users.

Can anyone explain this behaviour in SecureClient? Is the client trying to access a network resource that is not behind the specific gateway I had selected? Any insight would be much appreciated. Thanks,

Loren Gunnink

[melipla]

New connection profiles are created with SecureClient R56 in Auto Connect mode

Solution ID: #sk30756

Product: SecureClient
Version: NG AI
Last Modified: 21-Apr-2005
Symptoms

* When using SecureClient/SecuRemote R56 in Auto Connect mode, the client may create a new connection profile in the following scenario: When establishing communication with VPN domain, the client tries to connect to a certain gateway, according to the topology. If client has no Location Profile defined with required gateway, and there is no Location Profile with Any Gateway set, the client creates a new profile with Any Gateway set. The new profile is created with default settings (policy server on gateway, Office mode enabled, visitor mode turned off, etc.) Security Administrators may see this behavior as problematic, since the Policy Server, Route All Traffic and other connectivity flags are set to default.

Solution
This behavior is by design.

Security Administrators should have at least one read-only Location Profile set with Any Gateway. Starting with SecureClient R60, user is warned before a new profile is automatically created, allowing the user to override the creation.

To disable warning, add the "prompt_for_no_suitable_profile (false)", under global options in the userc.C file.

For reference on editing userc.C file, see solution,
Applies To:

* SecureClient R56
* Auto Connect mode
* Profiles

[melipla]

Sorry, that SK literally ends there (without a reference to the userc.c editing). I'm not sure how you specify a "read-only Location Profile set with Any Gateway". We use connect mode and all of our profiles are read-only & I haven't seen the problem you're describing.

[VaroBeodab]

ldgunnink did you find a fix to this problem, the location profile being appended with a "1", if so could you detail how you fixed this issue or any resources you may have used to fix it?

[ldgunnink]

VaroBeodab,

I'm sorry it has been so long for me to reply. I haven't had a need to come back to the forum for a while.

I found that this "problem" is actually by design. It happens when you select a specific gateway in your profile properties. When your SecureClient-connect machine tries to connect to a resource that is not accessible through the gateway that you have selected, SecureClient creates a "duplicate" profile with the gateway set to "any" so it can access that resource. There is probably some issue with VPN routing that is not allowing your clients to access the resources they need through the gateway you have selected.

Loren