Description | This article explains why the same remote gateway cannot be chosen for a second IPsec tunnel. |
Scope | FortiGate. |
Solution |
When a second IPsec VPN tunnel is created with the same remote gateway IP, the configuration fails at the end with a 'duplicate remote gateway' error.
The virtual IP is overlapped with another VIP entry-test.
object check operator error, -5, discard the setting
Command fail. Return code -5
Either use the same external IP with a different port to reach the same external server, or change the external IP, because identical information will conflict.
As a limitation, the same remote gateway IP cannot be used on more than one IPsec tunnel, because it would conflict with the policy, static route, and phase-2 selectors. The same remote gateway IP therefore cannot be chosen on another tunnel.
However, in ADVPN, it is possible to choose the same remote gateway IP by differentiating traffic by network-id. The following settings need to be set:
# config vpn ipsec phase1-interface
    edit <tunnel name>
        set network-overlay enable
        set network-id x    <----- Any integer number.
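As an added example (not Fortinet's code), the following Python check reads a configuration excerpt, groups phase1-interface tunnels by remote-gw, and reports shared gateways whose tunnels are not separated by network-overlay and a distinct network-id. The sample configuration, tunnel names and addresses are constructed, and treating an unset network-id as 0 is an assumption.

```python
SAMPLE = """
config vpn ipsec phase1-interface
    edit "hub-a"
        set remote-gw 203.0.113.10
        set network-overlay enable
        set network-id 1
    next
    edit "hub-b"
        set remote-gw 203.0.113.10
        set network-overlay enable
        set network-id 2
    next
    edit "hub-c"
        set remote-gw 203.0.113.10
    next
end
"""  # constructed sample; names and addresses are illustrative only

def parse_phase1(text):
    """Return {tunnel: {setting: value}} from 'config vpn ipsec phase1-interface'."""
    tunnels, name, depth = {}, None, 0
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            if depth or line == "config vpn ipsec phase1-interface":
                depth += 1  # nested sub-tables are counted so their 'end' is matched
        elif line == "end" and depth:
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            name = line[5:].strip('"')
            tunnels[name] = {}
        elif depth == 1 and name and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            tunnels[name][key] = value.strip('"')
    return tunnels

def conflicting_gateways(tunnels):
    """Return {remote-gw: [tunnels]} for shared gateways not separated by network-id."""
    by_gw = {}
    for name, cfg in tunnels.items():
        if "remote-gw" in cfg:
            by_gw.setdefault(cfg["remote-gw"], []).append(name)
    report = {}
    for gw, names in by_gw.items():
        ids = [tunnels[n].get("network-id", "0") for n in names]  # assumed default 0
        bad = [n for n, i in zip(names, ids)
               if tunnels[n].get("network-overlay") != "enable" or ids.count(i) > 1]
        if len(names) > 1 and bad:
            report[gw] = bad
    return report
```

Running `conflicting_gateways(parse_phase1(SAMPLE))` reports only hub-c, the tunnel that reuses the gateway without the overlay settings.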
Copyright 2024 Fortinet, Inc. All Rights Reserved.