Re: Cisco IOS XE , ip nat inside source static IP4 Port

MSDelamater · ‎06-10-2020

Hello,

Upgraded from a 1841 router to a ISR4221/K9.

Previous router used: ip nat inside source static tcp 10.0.10.3 443 X.X.X.3 443 extendable

Trying to modify the command for 4221. X.X.X.3 is a public ip address

X-VPN#config-t

admin connected from 127.0.0.1 using console on X-VPN
X-VPN(config)# ip nat inside source static tcp 10.0.10.3 443 X.X.X.3 443
X-VPN(config)# comm

have also tried:

X-VPN(config)#
X-VPN(config)# ip nat inside source static tcp 10.0.10.3 443 X.X.X.3 443 extendable
X-VPN(config)# comm
Aborted: inconsistent value: Device refused one or more command

If I use:

ip nat inside source static 10.0.10.3 X.X.X.3 extendable

It will commit but takes down 2 VPN Tunnels that also use X.X.X.3

How doe we do get port 443 traffic to 10.0.10.3?

Thanks.

Mark

MSDelamater · ‎06-10-2020

Listing the interface also results in the error:

X-VPN(config)# ip nat inside source static tcp 10.0.10.3 443 interface GigabitEthernet0/0/0 443
X-VPN(config)# comm
Aborted: inconsistent value: Device refused one or more commands

-Mark

MSDelamater · ‎06-10-2020

The problem seems to be with port 443. The following are in the running config.

ip nat inside source static tcp 10.0.10.63 3391 interface GigabitEthernet0/0/0 3391
ip nat inside source static tcp 10.0.10.63 3389 interface GigabitEthernet0/0/0 3389
ip nat inside source static tcp 10.0.10.8 3390 interface GigabitEthernet0/0/0 3390

-Mark

MSDelamater · ‎06-11-2020

In an effort to make 443 available ran both:

no ip http server

no ip http secure-server

A scan of the public IP showed only port 22 active.

tried running the nat command again. It failed.

Changed the port of the http server

ip http port 8080

Tried changing the secure-server port and got

ip http secure-server port 8443
-------------------^
syntax error: unknown argument