NAT error "Unable to reserve ports"

Unanswered Question
Sep 22nd, 2014
User Badges:
  • Blue, 1500 points or more

I have an ASA 5512 running asa915-smp-k8.bin

 I enter the following commands and get this error.

FW-5512-ASA(config)# object network TCP_OWA_443
FW-5512-ASA(config-network-object)# nat (inside,outside) static interface service tcp https https
ERROR: NAT unable to reserve ports.

What would be causing this?

Here is what I tried...

removed ASDM http access from the outside....no change.

removed ASDM http access from inside....no change

Disable HTTP server.... no change

 

What else have I missed?

 

Mike

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jouni Forss Mon, 09/22/2014 - 11:11
User Badges:
  • Super Bronze, 10000 points or more

Hi,

 

Are you using SSL VPN on the ASA?


You can use the following command to list some configuration related to it

 

show run webvpn


Under the shown configurations you could change the used port for those VPN connections though it would naturally have an effect on your users in the sense that they could not use the default HTTPS port of TCP/443.

 

If you are not using SSL VPN then I would guess this might be a bug. I did have a situation on my ASA5505 that prevented from doing Static PAT for a certain port suddenly with the same error message but a reboot/reload helped in that case.

 

You can also use the following command to see if the ASA is using the mentioned port still for some reason

 

show asp table socket

 

- Jouni

burleyman Mon, 09/22/2014 - 12:16
User Badges:
  • Blue, 1500 points or more

Thanks Jouri...

 

I was just going to post here that I kept troubleshooting and with the help of a co-worker I discovered two things.

One I had to change

http server enable

to

http server enable 4433

or any other port you would like because I have access from outside

 

and the webvpn I just disabled and then added the lines

object network TCP_OWA_443
 nat (inside,outside) static interface service tcp https https

 

and then re-enabled webvpn

 

and it worked.

 

Mike

Actions

This Discussion