02-09-2022 06:58 PM
I have 2 outside connections to my 2130 and some static routing to point certain things in certain directions.
My secondary outbound interface has all of my site-to-site tunnels on it.
I have tried to move one device's tunnel to the primary outbound interface, but it always fails. Do I have to do something special to enable IKEv2 on this interface?
My ASA 5516 allowed me to build tunnels on both interfaces.
Here is the error:
FMC >> crypto ikev2 enable nitel
fpr-1 >> [error] : ERROR: Failed to open "udp/localized/2/4500"
ERROR: Error opening IKE port 4500 on Interface nitel
Config Error -- crypto ikev2 enable nitel
02-09-2022 07:51 PM
It's possible you have an existing connection through the firewall that's using udp/4500. Clear the connections and xlates and try to deploy (unless there's a static NAT in place).
02-10-2022 04:57 AM
We have a Verizon 4G network extender doing a PAT on that port. I will have to see if I can move it off the network.
Thank you for saving me hours of searching...
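An added example, not part of the thread: a pre-deployment check for the condition the accepted answer describes, run over saved `show xlate` and `show conn` output to find through-the-box UDP/4500 entries on the interface where IKEv2 is to be enabled. The sample output is constructed, the line layouts are assumed to follow the usual ASA format, and the function names are hypothetical.

```python
import re

# Constructed sample output (not from the thread). The line layouts are an
# assumption based on the usual ASA/FTD "show xlate" and "show conn" formats.
SAMPLE_XLATE = """\
UDP PAT from inside:10.20.0.15/4500 to nitel:198.51.100.2/4500 flags ri idle 0:00:07 timeout 0:00:30
TCP PAT from inside:10.20.0.31/51514 to nitel:198.51.100.2/51514 flags ri idle 0:01:02 timeout 0:00:30
UDP PAT from inside:10.20.0.15/4500 to backup:203.0.113.9/4500 flags ri idle 0:00:03 timeout 0:00:30
"""
SAMPLE_CONN = """\
UDP nitel  192.0.2.44:4500 inside  10.20.0.15:4500, idle 0:00:07, bytes 88412, flags -
TCP nitel  192.0.2.80:443 inside  10.20.0.31:51514, idle 0:00:01, bytes 5120, flags UIO
"""

XLATE_RE = re.compile(
    r"^UDP PAT from (?P<real_if>[^:\s]+):(?P<real_ip>[\d.]+)/(?P<real_port>\d+) "
    r"to (?P<map_if>[^:\s]+):(?P<map_ip>[\d.]+)/(?P<map_port>\d+)")
CONN_RE = re.compile(
    r"^UDP (?P<if_a>\S+)\s+(?P<ip_a>[\d.]+):(?P<port_a>\d+)\s+"
    r"(?P<if_b>\S+)\s+(?P<ip_b>[\d.]+):(?P<port_b>\d+),")


def blocking_xlates(text, interface, ports=(4500,)):
    """UDP PAT xlates that occupy one of `ports` on `interface`."""
    hits = []
    for line in text.splitlines():
        m = XLATE_RE.match(line.strip())
        if m and m["map_if"] == interface and int(m["map_port"]) in ports:
            hits.append((m["real_ip"], m["map_ip"], int(m["map_port"])))
    return hits


def blocking_conns(text, interface, ports=(4500,)):
    """UDP connections crossing `interface` with either endpoint on `ports`."""
    hits = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m or interface not in (m["if_a"], m["if_b"]):
            continue
        port_a, port_b = int(m["port_a"]), int(m["port_b"])
        if port_a in ports or port_b in ports:
            hits.append((m["ip_a"], port_a, m["ip_b"], port_b))
    return hits


if __name__ == "__main__":
    print("xlates:", blocking_xlates(SAMPLE_XLATE, "nitel"))
    print("conns: ", blocking_conns(SAMPLE_CONN, "nitel"))
```

Any entry reported for the interface is a candidate for the conflict: clear it, or move the device off the port as with the PAT device mentioned above, before redeploying.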