Solved: FTD 2130 via FMC - Enable IkeV2 on second outside interface

Lee Dress · ‎02-09-2022

I have 2 outside connections to my 2130 and some static routing to point certain things in certain directions.

My secondary outbound interface has all of my site to site tunnels on it.

I have tried to move one device's tunnel to the primary outbound interface, but it always fails. Do I have to do something special to enable ikev2 on this interface?

My ASA 5516 allowed me to build tunnels on both interfaces.

here is the error

FMC >> crypto ikev2 enable nitel
fpr-1 >> [error] : ERROR: Failed to open "udp/localized/2/4500"
ERROR: Error opening IKE port 4500 on Interface nitel
Config Error -- crypto ikev2 enable nitel

Marvin Rhoads · ‎02-09-2022

It's possible you have an existing connection through the firewall that's using udp/4500. Clear the connections and xlates and try to deploy (unless there's a static NAT in place).

View solution in original post

Marvin Rhoads · ‎02-09-2022

It's possible you have an existing connection through the firewall that's using udp/4500. Clear the connections and xlates and try to deploy (unless there's a static NAT in place).

Lee Dress · ‎02-10-2022

we have a Verizon 4g network extender doing a PAT on that port. I will hve to see if I can move it off the network.

Thank you for saving me hours of searching...