Description | This article describes why VPN recreation fails with an error 'Unable to setup VPN' when using the IPsec Wizard Hub-and-Spoke template due to a duplicate local address group with the same name already exists. |
Scope | FortiGate. |
Solution |
An error in the last step when recreating a VPN using the IPsec Wizard Hub-and-Spoke template will happen when using the same IPsec name as the old one. The IPsec Wizard is unable to create the local address group as there is already a pre-existing configuration from the old VPN config that was not deleted.
A quick fix to this is to use a new IPsec name but if using the same IPsec name when recreating the VPN, it is important to remove all VPN tunnel references, VPN tunnel itself, local address (including address group), and related BGP configuration.
Retry recreating the VPN again and it should now be set up successfully.
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.