AnthonyH
Staff
Article Id 391858
Description This article describes an issue where the IP address on the L2T.Root interface cannot be set or unset because of the error 'Conflicts with subnet'.
Scope FortiGate.
Solution

By default, two interfaces cannot share the same IP/Netmask. However, when the L2T.Root interface and an existing IPsec tunnel have both been created, they may share the same IP/Netmask, 0.0.0.0/0. When editing the interface, the error 'Conflicts with subnet' is displayed.

 



Scenario 1: Remove this error by enabling subnet overlap.

config system settings
    set allow-subnet-overlap enable
end

 

Scenario 2: To avoid the GUI error, use the CLI to unset the IP address. This applies when an IP address has been set on the l2t.root interface and the requirement is that the interface address must be kept at 0.0.0.0/0.

 

config system interface
    edit "l2t.root"
        set vdom "root"
        set ip 10.20.20.2 255.255.255.255
        set type tunnel
        set snmp-index 7
    next
end

 

config system interface
    edit "l2t.root"
        unset ip
end

 

Scenario 3: Set a unique IP address on the tunnel that is conflicting. In the example above, set a unique IP address on the 'IPsec-RA' tunnel interface.
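
Before choosing between the three scenarios, it helps to see which interfaces actually collide. The following is an added example, not Fortinet's code: it reads a saved 'config system interface' block and lists the interfaces left at 0.0.0.0/0 and the addressed pairs whose subnets overlap. The overlap test is Python's own and is assumed only to approximate the FortiOS check; 'IPsec-B' and the port1 address are hypothetical.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample; only l2t.root, its address and IPsec-RA come from the article.
SAMPLE = '''config system interface
    edit "port1"
        set ip 192.168.10.1 255.255.255.0
    next
    edit "l2t.root"
        set vdom "root"
        set ip 10.20.20.2 255.255.255.255
        set type tunnel
    next
    edit "IPsec-RA"
        set type tunnel
    next
    edit "IPsec-B"
        set ip 10.20.20.2 255.255.255.255
        set type tunnel
    next
end
'''

def parse_interfaces(text):
    """Map interface name -> ip_interface; no 'set ip' line means 0.0.0.0/0."""
    found, name, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1          # nested blocks (e.g. secondary IPs) are skipped
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := re.match(r'edit\s+"?([^"\s]+)', line)):
            name = m.group(1)
            found[name] = ipaddress.ip_interface("0.0.0.0/0")
        elif depth == 1 and name and (m := re.match(r"set ip (\S+) (\S+)$", line)):
            found[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return found

def audit(text):
    """Return (names left at 0.0.0.0/0, sorted pairs whose subnets overlap)."""
    ifaces = parse_interfaces(text)
    unset = sorted(n for n, i in ifaces.items() if i.network.prefixlen == 0 and int(i.ip) == 0)
    nets = {n: i.network for n, i in ifaces.items() if n not in unset}
    pairs = sorted(tuple(sorted((a, b))) for a, b in combinations(nets, 2)
                   if nets[a].overlaps(nets[b]))
    return unset, pairs

print(audit(SAMPLE))
```

Interfaces in the first list are the ones Scenario 2 keeps at 0.0.0.0/0; each pair in the second list needs either Scenario 1 (allow-subnet-overlap) or Scenario 3 (a unique address).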