cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2132
Views
5
Helpful
2
Replies

NAT error "Unable to reserve ports"

burleyman
Level 8
Level 8

I have an ASA 5512 running asa915-smp-k8.bin

 I enter the following commands and get this error.

FW-5512-ASA(config)# object network TCP_OWA_443
FW-5512-ASA(config-network-object)# nat (inside,outside) static interface service tcp https https
ERROR: NAT unable to reserve ports.

What would be causing this?

Here is what I tried...

removed ASDM http access from the outside....no change.

removed ASDM http access from inside....no change

Disable HTTP server.... no change

 

What else have I missed?

 

Mike

2 Replies 2

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

 

Are you using SSL VPN on the ASA?


You can use the following command to list some configuration related to it

 

show run webvpn


Under the shown configurations you could change the used port for those VPN connections though it would naturally have an effect on your users in the sense that they could not use the default HTTPS port of TCP/443.

 

If you are not using SSL VPN then I would guess this might be a bug. I did have a situation on my ASA5505 that prevented from doing Static PAT for a certain port suddenly with the same error message but a reboot/reload helped in that case.

 

You can also use the following command to see if the ASA is using the mentioned port still for some reason

 

show asp table socket

 

- Jouni

Thanks Jouri...

 

I was just going to post here that I kept troubleshooting and with the help of a co-worker I discovered two things.

One I had to change

http server enable

to

http server enable 4433

or any other port you would like because I have access from outside

 

and the webvpn I just disabled and then added the lines

object network TCP_OWA_443
 nat (inside,outside) static interface service tcp https https

 

and then re-enabled webvpn

 

and it worked.

 

Mike

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: