01-23-2020 05:51 AM
Hello.
i have config on asa 5525-x v9.10.2 and before it. Config working fine!!! when I updated to the 9.12.2 or 9.13.1 version, an error appeared. Line 2 can not be added. "ERROR: NAT unable to reserve ports"
Why is this not working? Not working on any port 3333 or 2222 or 3389 after update.
nat (internet,dmz) source static any any destination static 1.1.1.1 10.200.5.1 service 3333 3333 no-proxy-arp
nat (inside,dmz) source static any any destination static 1.1.1.1 10.200.5.1 service 3333 3333 no-proxy-arp
"ERROR: NAT unable to reserve ports"
Full config on after "write erase"
-----------------------------
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 192.168.141.254 255.255.255.0
interface GigabitEthernet0/1
nameif internet
security-level 0
ip address 192.168.142.254 255.255.255.0
interface GigabitEthernet0/2
nameif dmz
security-level 50
ip address 192.168.143.254 255.255.255.0
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network 1.1.1.1
host 1.1.1.1
object network 10.200.5.1
host 10.200.5.1
object service 3333
service tcp destination eq 3333
nat (internet,dmz) source static any any destination static 1.1.1.1 10.200.5.1 service 3333 3333 no-proxy-arp
nat (inside,dmz) source static any any destination static 1.1.1.1 10.200.5.1 service 3333 3333 no-proxy-arp
"ERROR: NAT unable to reserve ports"
01-23-2020 10:53 AM
you getting the error message "ERROR: NAT unable to reserve ports" means your port are already used. try to change the port number. that will fix the issue.
01-23-2020 09:43 PM - edited 01-23-2020 09:45 PM
Hello. i have clean config (write erase) Only this 2 nat line. This problem with any port. Any!
2222,3333,1234,5432
On 9.10 this config works fine!
01-23-2020 09:59 PM
Can anyone explain why it works at 9.10, but not at 9.12?
01-26-2020 09:51 PM
Please, help. I need to upgrade to a new version, but nat is not working properly. How to fix the problem?
02-01-2020 10:35 AM
hi could you please share your configuration of firewall you can hide the real ip address i shall test in lab environment. you moving away form 9.x to 9.12?
once you provide me the configuration i shall get back to you
02-03-2020 06:28 AM
Hello.
I test on asa 5525-x and ASAv. Same problem.
All config is default. I do "write erase". "Reload". And then enter these lines from console:
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 192.168.141.254 255.255.255.0
interface GigabitEthernet0/1
nameif internet
security-level 0
ip address 192.168.142.254 255.255.255.0
interface GigabitEthernet0/2
nameif dmz
security-level 50
ip address 192.168.143.254 255.255.255.0
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network 1.1.1.1
host 1.1.1.1
object network 10.200.5.1
host 10.200.5.1
object service 3333
service tcp destination eq 3333
nat (internet,dmz) source static any any destination static 1.1.1.1 10.200.5.1 service 3333 3333 no-proxy-arp
nat (inside,dmz) source static any any destination static 1.1.1.1 10.200.5.1 service 3333 3333 no-proxy-arp
"ERROR: NAT unable to reserve ports"
02-05-2020 02:52 PM - edited 02-05-2020 02:55 PM
You could try using "any" interface instead of inside / internet. I would suggest to do this during a service window.
no nat (internet,dmz) source static any any destination static 1.1.1.1 10.200.5.1 service 3333 3333 no-proxy-arp
nat (any,dmz) source static any any destination static 1.1.1.1 10.200.5.1 service 3333 3333 no-proxy-arp
02-05-2020 03:42 AM - edited 02-05-2020 03:57 AM
02-18-2020 03:51 AM
Please help. The problem is still not resolved.
Asa software 9.13(1.3), 9.12(3.4) not aviable at cisco download center
02-18-2020 02:06 PM
check to see if the ports are already being used:
show conn | in 3333
show asp table socket
03-10-2020 11:47 PM
Solution: asa9-12-3-7-smp-k8.bin
Revision: Version 9.12(3)7 – 03/03/2020
Files: asa9123-7-smp-k8.bin, cisco-asa-fp2k.9.12.3.7.SPA, cisco-asa.9.12.3.7.SPA.csp
Defects resolved since 9.12(3)2:
ASA/FTD: Twice nat Rule with same service displaying error "ERROR: NAT unable to reserve ports" |
I’ll check this release soon.
03-11-2020 12:24 AM
Finally everything works! For a whole year this bug prevented me from updating the system. Glory to me and the developers, who first broke everything, then fixed it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide