I have this config for a IPsec tunnel sort of working in my SR520/K9

interface Tunnel15
bandwidth 1000
ip address 10.100.15.1 255.255.255.252
ip mtu 1395
load-interval 30
tunnel source 203.xxx.xxx.154
tunnel destination 203.xxx.xxx.42
tunnel mode ipsec ipv4
tunnel protection ipsec profile siteVPN
!
interface FastEthernet0
switchport access vlan 2

interface FastEthernet4
ip address 203.xxx.xxx.154 255.255.255.248
ip virtual-reassembly

!

interface Vlan2
ip address 192.168.10.1 255.255.255.0

The tunnel source and destination IP addresses are routed Internet addresses at different sites. The tunnel is up and I can ping the remote tunnel IP from either end. So all seems good until I ping the VLAN2 address from the remote router (routing via the tunnel is correct).

I get this error on the SR520:

%IP-4-DUPADDR: Duplicate address 192.168.10.1 on FastEthernet4, sourced by 0026.cb9a.4276

It reports the duplicate IP on the Internet facing port where the tunnel terminates. The source MAC address is not an interface in this router, it is the interface on another Cisco router that is the gateway to the Internet, the next hop from this one.

There is no patch lead plugged into the switchport for VLAN2. The IP is one I just made up and is not used anywhere on our network. If I change the IP and redo the test the same message comes up with the new IP.

What causes this strange duplicate IP on a Tunnel inteface to reported by another router?