Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1611
Views
5
Helpful
3
Replies

ASA 5506-X NAT Failing.

Go to solution
cktuckerini
Level 1
Level 1

‎11-05-2019 04:47 PM - edited ‎11-05-2019 05:29 PM

I apologize for creating such a noob post however, I'm stumped.  ASA 5506-X and am attempting to NAT traffic to a Mitel phone system.  I have quite a few NAT rules working perfectly well but when I attempt to NAT ports 67-69 and  50098-50508 I receive:

 

Pool (0.0.0.0) overlap with existing pool

 

Error: NAT unable to reserve ports.

 

Objects and access lists create perfectly well.

 

There something very simple I'm missing, I'm sure.  I'm attaching current running cfg and changes I'm attempting to apply.  Again, only the above ports (services Mitel_3 and Mitel_8) are failing. 

Labels:
Preview file
14 KB
Preview file
6 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
bhargavdesai
Spotlight
Spotlight

‎11-06-2019 03:33 AM

Could you check if there are any existing connections and xlate enties for the ports ?
sh connection | in 50098
show xlate | in 50098
If there is any entry try clearing it using clear xlate/clear conn command and then try applying the static NAT.

You can also use the following command to see if the ASA is using the mentioned port still for some reasons.
show asp table socket

HTH
### RATE ALL HELPFUL RESPONSES ###

View solution in original post

3 Replies 3

Go to solution
bhargavdesai
Spotlight
Spotlight

‎11-06-2019 03:33 AM

Could you check if there are any existing connections and xlate enties for the ports ?
sh connection | in 50098
show xlate | in 50098
If there is any entry try clearing it using clear xlate/clear conn command and then try applying the static NAT.

You can also use the following command to see if the ASA is using the mentioned port still for some reasons.
show asp table socket

HTH
### RATE ALL HELPFUL RESPONSES ###

Go to solution
cktuckerini
Level 1
Level 1
In response to bhargavdesai

‎11-06-2019 11:54 AM

Thank you for those useful commands however, none are showing anything on the problematic ports.  Anything else I can check?

0 Helpful

Go to solution
cktuckerini
Level 1
Level 1
In response to cktuckerini

‎11-06-2019 12:14 PM - edited ‎11-06-2019 04:47 PM

*** Update. I broke the 67-69 range out into single port objects and I can nat port 69 but not 67 or 68 (get the above error message). Could it be because the asa is acting as a DHCP server?

 

I've also determined how to properly use the sh xlate command with wildcards for the port range and found/cleared several random connections on ports 501xx, 502xx and 504xx.  Once I cleared those I was able to successfully add the nat to object "Mitel_8".  I sincerely appreciate your time and the new knowledge! 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card