Hi, recently we moved an old MikroTik router with Cloud DDNS from one location to a new one. We use IPsec tunnels, and when changing the Remote DDNS Gateway on FortiGate we receive this alert:
ike 0:VPN-3: cache conflict with ddns gateway VPN-5
What can I do? VPN-5 had the same DDNS as VPN-3 two months ago, but now has a different one (new router). The workaround is to set the current remote IP address, but with DDNS set, FortiGate doesn't accept connections because it doesn't match the local policy, but the DNS resolves the current remote IP correctly.
The "cache conflict with ddns gateway" alert message suggests that the FortiGate is experiencing a conflict with the cached DNS records for the old DDNS gateway. This could be causing the FortiGate to use the wrong IP address when establishing the IPsec tunnel.
One potential solution is to clear the DNS cache on the FortiGate to ensure that it is using the correct DNS records. You can do this by going to "System" > "FortiGuard" > "Web Filter" and selecting the "Cache" tab. From there, you can click "Clear Cache" to clear the DNS cache.
If clearing the DNS cache does not resolve the issue, you may want to try manually configuring the IP address for the new DDNS gateway in the FortiGate's IPsec settings. To do this, go to "VPN" > "IPsec Wizard" and select "Custom VPN Tunnel". Under the "VPN Tunnel" section, select "Static IP Address" and enter the IP address of the new DDNS gateway.
Alternatively, you may want to try deleting the old IPsec tunnel configuration and creating a new one with the updated DDNS gateway. This should ensure that the FortiGate is using the correct IP address for the new DDNS gateway.