I have 6 years experience with Fortigates and never have run into this problem. fortios_vpn_ipsec_phase1 : vdom : " " state : "present" access_token : "" vpn_ipsec_phase1 : acct_verify : "enable" add_gw_route : "enable" add_route : "disable" assign_ip : "disable" assign_ip_from : "range" authmethod : "psk" authmethod_remote : "psk" authpasswd : "" authusr : "" authusrgrp : " (source )" auto_negotiate : "enable" backup_gateway : - address : "" banner : "" cert_id_validation : "enable" certificate : - name : "default_name_19 (source )" childless_ike : "enable" client_auto_negotiate : "disable" client_keep_alive : "disable" comments : "" dhcp_ra_giaddr : "" dhcp6_ra_linkaddr : "" dhgrp : "1" digital_signature_auth : "enable" distance : "28" dns_mode : "manual" domain : "" dpd : "disable" dpd_retrycount : "32" dpd_retryinterval : "" eap : "enable" eap_exclude_peergrp : " (source )" eap_identity : "use-id-payload" enforce_unique_id : "disable" esn : "require" fec_base : "39" fec_codec : "rs" fec_egress : "enable" fec_health_check : " (source )" fec_ingress : "enable" fec_mapping_profile : "" fec_receive_timeout : "45" fec_redundant : "46" fec_send_timeout : "47" forticlient_enforcement : "enable" fragmentation : "enable" fragmentation_mtu : "50" group_authentication : "enable" group_authentication_secret : "" ha_sync_esp_seqno : "enable" idle_timeout : "enable" idle_timeoutinterval : "55" ike_version : "1" include_local_lan : "disable" interface : " (source )" ip_delay_interval : "59" ipv4_dns_server1 : "" ipv4_dns_server2 : "" ipv4_dns_server3 : "" ipv4_end_ip : "" ipv4_exclude_range : - end_ip : "" id : "66" start_ip : "" ipv4_name : " (source )" ipv4_netmask : "" ipv4_split_exclude : " (source )" ipv4_split_include : " (source )" ipv4_start_ip : "" ipv4_wins_server1 : "" ipv4_wins_server2 : "" ipv6_dns_server1 : "" ipv6_dns_server2 : "" ipv6_dns_server3 : "" ipv6_end_ip : "" ipv6_exclude_range : - end_ip : "" id : "81" start_ip : "" ipv6_name : " (source )" ipv6_prefix : "84" ipv6_split_exclude : " (source )" ipv6_split_include : " (source )" ipv6_start_ip : "" keepalive : "88" keylife : "89" local_gw : "" localid : "" localid_type : "auto" loopback_asymroute : "enable" mesh_selector_type : "disable" mode : "aggressive" mode_cfg : "disable" name : "default_name_97" nattraversal : "enable" negotiate_timeout : "99" network_id : "100" network_overlay : "disable" npu_offload : "enable" peer : " (source )" peergrp : " (source )" peerid : "" peertype : "any" ppk : "disable" ppk_identity : "" ppk_secret : "" priority : "110" proposal : "des-md5" psksecret : "" psksecret_remote : "" reauth : "disable" rekey : "enable" remote_gw : "" remotegw_ddns : "" rsa_signature_format : "pkcs1" save_password : "disable" send_cert_chain : "enable" signature_hash_alg : "sha1" split_include_service : " (source )" suite_b : "disable" type : "static" unity_support : "disable" usrgrp : " (source. hosts : fortigates collections : - fortinet.fortios connection : httpapi vars : vdom : "root" ansible_httpapi_use_ssl : yes ansible_httpapi_validate_certs : no ansible_httpapi_port : 443 tasks : - name : Configure VPN remote gateway. Controlling how Ansible behaves: precedence rules.Collections in the Theforeman Namespace.Collections in the T_systems_mms Namespace.Collections in the Servicenow Namespace.Collections in the Purestorage Namespace.Collections in the Openvswitch Namespace.Collections in the Netapp_eseries Namespace.Collections in the Kubernetes Namespace.Collections in the Junipernetworks Namespace.Collections in the F5networks Namespace.Collections in the Containers Namespace.Collections in the Cloudscale_ch Namespace.Collections in the Chocolatey Namespace.Collections in the Check_point Namespace.Virtualization and Containerization Guides.