Skip to main content
A
Anonymous_User
New Contributor III
January 26, 2010
Question

IPSec - duplicate connection detected on name insert

  • January 26, 2010
  • 1 reply
  • 5730 views
Hello I' m trying to build a VPN tunnel between 2 fortigates (FGT100A single <-> FGT110C cluster both in v3.00 MR7 patch 7), have configured all the same, " interface mode" , easy PSK, small phase1 & 2 names, and I' m getting this error: 
  duplicate connection detected on name insert, dropping this connection  get tunnel info error.
I have tried: - wait for the phase1 & 2 timeout - easier pre shared key - deleting all routes, policies, phase 1 & phase 2 linked to this VPN and recreating them - change the phase 1 and phase 2 names by adding a trailer " t" I have around 40 VPN tunnels from multi vendors (checkpoint, fortinet, PIX, ..) never seen that before. Here' s the log on FGT110C side: 
  0:VPNSSB35t:2650977: responder: main mode get 1st message...  0:VPNSSB35t:2650977: VID RFC 3947  0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-08  0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-07  0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-06  0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-05  0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-04  0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-03  0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-02  0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-02    0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-01  0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-00  0:VPNSSB35t:2650977: VID DPD  0:VPNSSB35t:2650977: negotiation result  0:VPNSSB35t:2650977: proposal id = 1:  0:VPNSSB35t:2650977:   protocol id = ISAKMP:  0:VPNSSB35t:2650977:      trans_id = KEY_IKE.  0:VPNSSB35t:2650977:      encapsulation = IKE/none  0:VPNSSB35t:2650977:         type=OAKLEY_ENCRYPT_ALG, val=3DES_CBC.  0:VPNSSB35t:2650977:         type=OAKLEY_HASH_ALG, val=SHA.  0:VPNSSB35t:2650977:         type=AUTH_METHOD, val=PRESHARED_KEY.  0:VPNSSB35t:2650977:         type=OAKLEY_GROUP, val=1024.  0:VPNSSB35t:2650977: ISKAMP SA lifetime=28800  0:VPNSSB35t:2650977: selected NAT-T version: RFC 3947  0:VPNSSB35t:2650977: cookie 1f62f8dce1c7c06e/92bf9de2dfb361aa  0:VPNSSB35t:2650977: sent IKE msg (ident_r1send): myFGT110C:500->myFGT100A:500, len=120  VPNSSB35t: Responder: sent myFGT100A main mode message #1 (OK)  0:VPNSSB35t: link fail 3 myFGT100A->myFGT100A:500 dpd=2  0:VPNSSB35t: created DPD triggered connection: 0x8c7b448 3 myFGT100A->myFGT100A:500.    0:VPNSSB35t: new connection.  0:VPNSSB35t: duplicate connection detected on name insert, dropping this connection  0:VPNSSB35t: get tunnel info error.    diag d0: comes myFGT100A:500->myFGT110C:500,ifindex=3....  0: exchange=Identity Protection id=1f62f8dce1c7c06e/0000000000000000 len=320  0: found VPNSSB35t myFGT110C 3 -> myFGT100A:500  0:VPNSSB35t:2650977: retransmission, re-send last message  0:VPNSSB35t:2650977: sent IKE msg (retransmit): myFGT110C:500->myFGT100A:500, len=120  0:VPNSSB35t:2650977: sent IKE msg (P1_RETRANSMIT): myFGT110C:500->myFGT100A:500, len=120
Any idea ? rebooting it (we are not on Win***)? Regards

    1 reply

    Westeifel
    Westeifel
    New Member
    May 31, 2023

    Hello everyone,

    we have the same problem with a tunnel. Is there any solution for this? We would be very grateful for a tip.

    Regards

    Shilpa1
    Staff
    Shilpa1
    Staff
    May 31, 2023

    Hello,

    The error message "duplicate connection detected on name insert, dropping this connection" in FortiGate indicates that there is a conflict with the VPN configuration name you are trying to create. This error typically occurs when there is an existing VPN configuration with the same name as the one you are attempting to establish.


    Could you confirm the firmware version and the model of the Fortigate?

    To resolve this issue, you can follow these steps:

    1. Check existing VPN configurations: Verify if there are any VPN configurations with the same name on both FortiGate devices. Look for any duplicate configurations that might be causing the conflict. Ensure you are checking both the Phase 1 and Phase 2 configurations.

    2. Modify VPN configuration names: If you find any conflicting VPN configurations, modify their names to be unique. Append a different identifier or a trailer to the name of the VPN configuration, ensuring it is different from any existing configurations.

    3. Clear existing VPN connections: If there are any existing VPN connections using the same name, terminate or delete them before creating the new VPN tunnel. This will allow you to establish a fresh connection with the modified and unique VPN configuration.

    4. Verify deleted configurations: After deleting any conflicting VPN configurations, double-check that all related routes, policies, and other configurations associated with the previous VPN connections have been completely removed. Sometimes, residual configurations can cause conflicts even if the VPN connection itself has been terminated.

      Feel free to contact us if you have any queries .

      regards,
      Shilpa



    Westeifel
    Westeifel
    New Member
    June 1, 2023

    Hello,

    thank you very much for the feedback.

    The firmware on all appliances is at version 7.0.11 build0489. The main site has an FG400F and the other sites have an FG40F.

    I can't find any duplicate configurations per site. On the remote sites, some Phase2 selectors have the same names, but only one site is affected by the behavior.

    At night, when the IP changes, our monitoring reports that the site is no longer reachable. On the main site, the Fortigate indicates that the tunnel is UP, which is not true. Now when I debug the tunnels, I get the message with the duplicate entry.

     

    When I manually take the tunnel offline and reconnect, the tunnel is reestablished. The next night the game starts all over again.

     

    Greetings

     

    Terms & ConditionsAccessibility statement