- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: IPSec - duplicate connection detected on name...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 01-26-2010 01:02 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IPSec - duplicate connection detected on name insert
Hello
I' m trying to build a VPN tunnel between 2 fortigates (FGT100A single <-> FGT110C cluster both in v3.00 MR7 patch 7), have configured all the same, " interface mode" , easy PSK, small phase1 & 2 names, and I' m getting this error:
duplicate connection detected on name insert, dropping this connection get tunnel info error.I have tried: - wait for the phase1 & 2 timeout - easier pre shared key - deleting all routes, policies, phase 1 & phase 2 linked to this VPN and recreating them - change the phase 1 and phase 2 names by adding a trailer " t" I have around 40 VPN tunnels from multi vendors (checkpoint, fortinet, PIX, ..) never seen that before. Here' s the log on FGT110C side:
0:VPNSSB35t:2650977: responder: main mode get 1st message... 0:VPNSSB35t:2650977: VID RFC 3947 0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-08 0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-07 0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-06 0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-05 0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-04 0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-03 0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-02 0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-02 0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-01 0:VPNSSB35t:2650977: VID draft-ietf-ipsec-nat-t-ike-00 0:VPNSSB35t:2650977: VID DPD 0:VPNSSB35t:2650977: negotiation result 0:VPNSSB35t:2650977: proposal id = 1: 0:VPNSSB35t:2650977: protocol id = ISAKMP: 0:VPNSSB35t:2650977: trans_id = KEY_IKE. 0:VPNSSB35t:2650977: encapsulation = IKE/none 0:VPNSSB35t:2650977: type=OAKLEY_ENCRYPT_ALG, val=3DES_CBC. 0:VPNSSB35t:2650977: type=OAKLEY_HASH_ALG, val=SHA. 0:VPNSSB35t:2650977: type=AUTH_METHOD, val=PRESHARED_KEY. 0:VPNSSB35t:2650977: type=OAKLEY_GROUP, val=1024. 0:VPNSSB35t:2650977: ISKAMP SA lifetime=28800 0:VPNSSB35t:2650977: selected NAT-T version: RFC 3947 0:VPNSSB35t:2650977: cookie 1f62f8dce1c7c06e/92bf9de2dfb361aa 0:VPNSSB35t:2650977: sent IKE msg (ident_r1send): myFGT110C:500->myFGT100A:500, len=120 VPNSSB35t: Responder: sent myFGT100A main mode message #1 (OK) 0:VPNSSB35t: link fail 3 myFGT100A->myFGT100A:500 dpd=2 0:VPNSSB35t: created DPD triggered connection: 0x8c7b448 3 myFGT100A->myFGT100A:500. 0:VPNSSB35t: new connection. 0:VPNSSB35t: duplicate connection detected on name insert, dropping this connection 0:VPNSSB35t: get tunnel info error. diag d0: comes myFGT100A:500->myFGT110C:500,ifindex=3.... 0: exchange=Identity Protection id=1f62f8dce1c7c06e/0000000000000000 len=320 0: found VPNSSB35t myFGT110C 3 -> myFGT100A:500 0:VPNSSB35t:2650977: retransmission, re-send last message 0:VPNSSB35t:2650977: sent IKE msg (retransmit): myFGT110C:500->myFGT100A:500, len=120 0:VPNSSB35t:2650977: sent IKE msg (P1_RETRANSMIT): myFGT110C:500->myFGT100A:500, len=120Any idea ? rebooting it (we are not on Win***)? Regards
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello everyone,
we have the same problem with a tunnel. Is there any solution for this? We would be very grateful for a tip.
Regards
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
The error message "duplicate connection detected on name insert, dropping this connection" in FortiGate indicates that there is a conflict with the VPN configuration name you are trying to create. This error typically occurs when there is an existing VPN configuration with the same name as the one you are attempting to establish.
Could you confirm the firmware version and the model of the Fortigate?
To resolve this issue, you can follow these steps:
-
Check existing VPN configurations: Verify if there are any VPN configurations with the same name on both FortiGate devices. Look for any duplicate configurations that might be causing the conflict. Ensure you are checking both the Phase 1 and Phase 2 configurations.
-
Modify VPN configuration names: If you find any conflicting VPN configurations, modify their names to be unique. Append a different identifier or a trailer to the name of the VPN configuration, ensuring it is different from any existing configurations.
-
Clear existing VPN connections: If there are any existing VPN connections using the same name, terminate or delete them before creating the new VPN tunnel. This will allow you to establish a fresh connection with the modified and unique VPN configuration.
-
Verify deleted configurations: After deleting any conflicting VPN configurations, double-check that all related routes, policies, and other configurations associated with the previous VPN connections have been completely removed. Sometimes, residual configurations can cause conflicts even if the VPN connection itself has been terminated.
Feel free to contact us if you have any queries .
regards,
Shilpa
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
thank you very much for the feedback.
The firmware on all appliances is at version 7.0.11 build0489. The main site has an FG400F and the other sites have an FG40F.
I can't find any duplicate configurations per site. On the remote sites, some Phase2 selectors have the same names, but only one site is affected by the behavior.
At night, when the IP changes, our monitoring reports that the site is no longer reachable. On the main site, the Fortigate indicates that the tunnel is UP, which is not true. Now when I debug the tunnels, I get the message with the duplicate entry.
When I manually take the tunnel offline and reconnect, the tunnel is reestablished. The next night the game starts all over again.
Greetings
Created on 03-22-2024 11:43 AM Edited on 03-22-2024 11:43 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
please apply this change on both side of the tunnel
config vpn ipsec phase2-interface
edit <Phase2-Name>
set auto-negotiate enable
set keylifeseconds 1800
next
end
Related Posts
- Packet duplication not done in session... 187 Views
- Backup issue after upgrade to 7.0.14 1287 Views
- Unable to connect with linux forticlient... 575 Views
- Setting up Working IPSec tunnel dialup... 566 Views
- IPsec ESP_Error : Invalid ESP packet... 1446 Views
Labels
-
FortiGate
6,642 -
FortiClient
1,324 -
5.2
801 -
5.4
639 -
FortiManager
575 -
FortiAnalyzer
418 -
6.0
416 -
5.6
362 -
FortiSwitch
341 -
FortiAP
338 -
FortiClient EMS
270 -
6.2
251 -
FortiMail
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
154 -
6.4
128 -
FortiNAC
109 -
FortiGuard
105 -
FortiSIEM
91 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
76 -
FortiToken
73 -
Customer Service
70 -
SSL-VPN
65 -
4.0MR3
64 -
Wireless Controller
58 -
FortiProxy
46 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
40 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
31 -
FortiSwitch v6.4
29 -
SD-WAN
29 -
Firewall policy
28 -
FortiConnect
24 -
High Availability
23 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
FortiAuthenticator
20 -
ZTNA
19 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
SAML
14 -
Certificate
14 -
BGP
13 -
DNS
13 -
FortiGate v5.0
13 -
Interface
13 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
Logging
12 -
LDAP
11 -
VDOM
11 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
fortilink
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
FortiAnalyzer v5.0
7 -
Application control
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
SSO
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Automation
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
Fortinet Engage Partner Program
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
VoIP profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
System settings
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Replacement messages
1 -
Schedule
1 -
Subscription Renewal Policy
1 -
SDN connector
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Multicast routing
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.