From e0bfcf33d5589a33c0a278553389cd2321b06015 Mon Sep 17 00:00:00 2001
From: Jim Galasyn <jim.galasyn@docker.com>
Date: Fri, 15 Sep 2017 17:18:26 -0700
Subject: [PATCH] Add note about IP protocol 50 (ESP) traffic (#4650)

---
 datacenter/ucp/2.2/guides/admin/install/system-requirements.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/datacenter/ucp/2.2/guides/admin/install/system-requirements.md b/datacenter/ucp/2.2/guides/admin/install/system-requirements.md
index 61845e089f..07cec9550c 100644
--- a/datacenter/ucp/2.2/guides/admin/install/system-requirements.md
+++ b/datacenter/ucp/2.2/guides/admin/install/system-requirements.md
@@ -51,6 +51,9 @@ When installing UCP on a host, make sure the following ports are open:
 | managers          |    in     | TCP 12386               | Port for the authentication worker                                                |
 | managers          |    in     | TCP 12387               | Port for the metrics service                                                      |
 
+For overlay networks with encryption to work, you need to ensure that
+IP protocol 50 (ESP) traffic is allowed.
+
 Also, make sure the networks you're using allow the UCP components enough time
 to communicate before they time out.