| Description | This article explains why a remote gateway IP that is already used by one IPsec tunnel cannot be chosen for another IPsec tunnel. |
| Scope | FortiGate. |
| Solution |
When a second IPsec VPN tunnel is created with the same remote gateway IP, an error is shown at the end of the configuration with 'duplicate remote gateway':
'The remote gateway is a duplicate of another IPsec gateway entry (The existing phase1 name)'
To reach the same external server, either use the same external IP with a different port or change the external IP, because identical gateway information will conflict.
This is a limitation: the same remote gateway IP cannot be used on more than one IPsec tunnel because it would conflict with the policy, static route, and phase-2 selectors.
However, in ADVPN, it is possible to choose the same remote gateway IP by differentiating traffic by network-id. Below are the settings that need to be set:
config vpn ipsec phase1-interface
    edit <tunnel name>
        set network-overlay enable
        set network-id x    <----- Any integer number.
    next
end
Related document: |
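The following is an added example, not Fortinet code: a Python check that reads a `config vpn ipsec phase1-interface` block from a configuration backup and lists remote gateway IPs shared by several tunnels that are not each separated by an enabled network-overlay and a unique network-id. The sample configuration, tunnel names and addresses are constructed, and treating a missing network-id as unset is an assumption of this example.

```python
import re
from collections import defaultdict
# Constructed sample config; addresses are documentation-range placeholders.
SAMPLE_CONFIG = """\
config vpn ipsec phase1-interface
    edit "hub-a"
        set remote-gw 203.0.113.10
        set network-overlay enable
        set network-id 1
    next
    edit "hub-b"
        set remote-gw 203.0.113.10
        set network-overlay enable
        set network-id 2
    next
    edit "branch-1"
        set remote-gw 198.51.100.7
    next
    edit "branch-2"
        set remote-gw 198.51.100.7
    next
end
"""

def parse_phase1(text):
    """Return {tunnel name: {option: value}} from a phase1-interface block."""
    tunnels, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r'edit\s+"?([^"]+)"?$', line):
            current = tunnels.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and (m := re.match(r"set\s+(\S+)\s+(.+)$", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return tunnels

def find_gateway_conflicts(tunnels):
    """Map each shared remote-gw to its tunnels when network-ids do not separate them."""
    by_gw = defaultdict(list)
    for name, opts in tunnels.items():
        if "remote-gw" in opts:
            by_gw[opts["remote-gw"]].append(name)
    conflicts = {}
    for gw, names in by_gw.items():
        # A tunnel only counts as separated if network-overlay is enabled on it.
        ids = [t.get("network-id") if t.get("network-overlay") == "enable" else None
               for t in (tunnels[n] for n in names)]
        if len(names) > 1 and (None in ids or len(set(ids)) != len(ids)):
            conflicts[gw] = sorted(names)
    return conflicts
```

Calling `find_gateway_conflicts(parse_phase1(SAMPLE_CONFIG))` reports only the two branch tunnels, since the hub tunnels share a gateway but carry different network-ids.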
Copyright 2025 Fortinet, Inc. All Rights Reserved.