samandeep
Staff
Article Id 358744

 

Description: This article gives step-by-step instructions for troubleshooting and resolving the 'Cache conflict with DDNS gateway <duplicated tunnel-name>' error in the IKE debug output, which prevents IPsec Site-to-Site (S2S) tunnels from establishing.
Scope: FortiGate.
Solution

The 'Cache conflict with DDNS gateway <duplicated tunnel-name>' error in the IKE debug output indicates a conflict caused by more than one tunnel using the same remote IP address. To resolve this issue, follow these steps:

 

  1. Verify DDNS Resolution.
    Ensure the DDNS name resolves to the correct IP address, and confirm that there have been no recent unit or public IP migrations (contact TAC if FortiDDNS is being used).

  2. Check the Remote Address.
    Verify that no other tunnel uses the same remote address.

  3. Resolve Conflict.
    If another tunnel uses the same DDNS IP, either:
    - Remove the conflicting DDNS IPsec tunnel. There is no option to change the tunnel type from DDNS to static (Unable to change IPSEC tunnel type and ge... - Fortinet Community), or
    - Update the DDNS record (contact TAC support if FortiDDNS is being used).

  4. Configure Network Overlay (Optional).
    If both tunnels require the same remote IP address, configure network overlay in the Phase-1 interface of the IPsec tunnel on both ends.
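The checks in steps 2 to 4 can be run against a configuration backup before touching the unit. The script below is an added example, not Fortinet's code and not part of the original article: it groups Phase-1 tunnels by remote IP and reports groups that do not all have network overlay enabled. The sample configuration, host name and addresses are constructed, and treating `set network-overlay enable` on every tunnel in a group as resolved is an assumption based on step 4.

```python
import re
import socket
from collections import defaultdict

# Constructed excerpt of a configuration backup (names and addresses are made up).
SAMPLE_CONFIG = '''config vpn ipsec phase1-interface
    edit "to-branch-ddns"
        set type ddns
        set remotegw-ddns "branch.example.net"
    next
    edit "to-branch-static"
        set remote-gw 203.0.113.10
    next
    edit "to-hq"
        set remote-gw 198.51.100.7
    next
end'''

def parse_phase1(text):
    """Return {tunnel name: {setting: value}} from the phase1-interface section."""
    tunnels, name, depth = {}, None, 0
    for line in (l.strip() for l in text.splitlines()):
        if depth == 0:
            depth = int(line == "config vpn ipsec phase1-interface")
        elif line.startswith("config "):
            depth += 1                      # nested table inside a tunnel entry
        elif line == "end":
            depth -= 1
            if depth == 0:
                break
        elif depth == 1 and (m := re.match(r'edit "?([^"]+)"?$', line)):
            name = m.group(1)
            tunnels[name] = {}
        elif depth == 1 and name and (m := re.match(r"set (\S+) (.+)$", line)):
            tunnels[name][m.group(1)] = m.group(2).strip('"')
    return tunnels

def find_conflicts(tunnels, resolve=socket.gethostbyname):
    """Map each remote IP shared by 2+ tunnels (without overlay on all) to their names."""
    groups = defaultdict(list)
    for name, cfg in tunnels.items():
        # DDNS tunnels are compared by what their name resolves to right now.
        ddns = cfg.get("type") == "ddns"
        ip = resolve(cfg["remotegw-ddns"]) if ddns else cfg.get("remote-gw")
        if ip:
            groups[ip].append(name)
    return {ip: sorted(n) for ip, n in groups.items() if len(n) > 1
            and not all(tunnels[t].get("network-overlay") == "enable" for t in n)}
```

With the default resolver, a DDNS name that does not resolve raises `socket.gaierror`, which points back to step 1. A single backup cannot confirm that the overlay is also configured on the remote end.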

 

Related article:

How to establish more than one IPsec tunn... - Fortinet Community 

 

If the issue persists after completing the troubleshooting steps, raise a support ticket with TAC and provide IKE debug logs for further assistance.

 

For IKE debugs:

Troubleshooting Tip: IPsec Tunnel (debugging IKE)