cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
219
Views
0
Helpful
3
Replies
Highlighted
Beginner

Cisco IOS XE , ip nat inside source static IP4 Port

Hello,

Upgraded from a 1841 router to a ISR4221/K9.

 

Previous router used:   ip nat inside source static tcp 10.0.10.3 443 X.X.X.3 443 extendable

Trying to modify the command for 4221.   X.X.X.3 is a public ip address

X-VPN#config-t

admin connected from 127.0.0.1 using console on X-VPN
X-VPN(config)# ip nat inside source static tcp 10.0.10.3 443 X.X.X.3 443
X-VPN(config)# comm

 

have also tried:

X-VPN(config)#
X-VPN(config)# ip nat inside source static tcp 10.0.10.3 443 X.X.X.3 443 extendable
X-VPN(config)# comm
Aborted: inconsistent value: Device refused one or more command

 

If I use:  

ip nat inside source static 10.0.10.3 X.X.X.3 extendable

 

It will commit but takes down 2 VPN Tunnels that also use X.X.X.3

 

How doe we do get port 443 traffic to 10.0.10.3?

 

Thanks.

Mark

 

 

3 REPLIES 3
Highlighted
Beginner

Re: Cisco IOS XE , ip nat inside source static IP4 Port

Listing the interface also results in the error:

 

X-VPN(config)# ip nat inside source static tcp 10.0.10.3 443 interface GigabitEthernet0/0/0 443
X-VPN(config)# comm
Aborted: inconsistent value: Device refused one or more commands

 

-Mark

 

Highlighted
Beginner

Re: Cisco IOS XE , ip nat inside source static IP4 Port

The problem seems to be with port 443.  The following are in the running config.

 

ip nat inside source static tcp 10.0.10.63 3391 interface GigabitEthernet0/0/0 3391
ip nat inside source static tcp 10.0.10.63 3389 interface GigabitEthernet0/0/0 3389
ip nat inside source static tcp 10.0.10.8 3390 interface GigabitEthernet0/0/0 3390

 

-Mark

 

Highlighted
Beginner

Re: Cisco IOS XE , ip nat inside source static IP4 Port

In an effort to make 443 available ran both:

 

no ip http server

no ip http secure-server

 

A scan of the public IP showed only port 22 active.

 

tried running the nat command again.  It failed.

 

Changed the port of the http server

 

ip http port 8080

 

Tried changing the secure-server port and got 

 

ip http secure-server port 8443
-------------------^
syntax error: unknown argument