Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11803
Views
5
Helpful
2
Replies

ERROR: NAT unable to reserve ports.: HTTPS

Go to solution
Fabian Scott
Level 1
Level 1

‎07-20-2016 10:38 AM - edited ‎03-12-2019 01:02 AM

I'm getting an error when trying to direct HTTPS to a specific IP. 

object network HTTPS
host 10.10.100.11
nat (inside,outside) static interface service tcp 443 443

ERROR: NAT unable to reserve ports

I do have AnyConnect VPN setup using SSL (FYI). I'm a bit new to cisco. I'm more of a self leaner. Please help. Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kornelia Gutierrez
Level 1
Level 1

‎07-20-2016 12:56 PM

Hello Fabian,

I hope you are fine, the ASA is unable to reserve the ports, because port 443 is already in use by either ASDM if you have it enabled or for your  vpn connections, for that reason the firewall is unable to assign port 443 to your host.

You can however change the mapping port for external connections to another port, 4443 for example.

object network HTTPS
host 10.10.100.11
nat (inside,outside) static interface service tcp 443 4443

When your outside host try to reach the internal host, remember to type in the web browser the following:

Https://x.x.x.x:4443 where x.x.x.x is the public ip of your internal host 

Please note that when the packet arrives to the ASA he will translate port 4443 to 443, which is the port that your internal host is listening to.

Hope this helps!

Kornelia Gutierrez

View solution in original post

2 Replies 2

Go to solution
Kornelia Gutierrez
Level 1
Level 1

‎07-20-2016 12:56 PM

Hello Fabian,

I hope you are fine, the ASA is unable to reserve the ports, because port 443 is already in use by either ASDM if you have it enabled or for your  vpn connections, for that reason the firewall is unable to assign port 443 to your host.

You can however change the mapping port for external connections to another port, 4443 for example.

object network HTTPS
host 10.10.100.11
nat (inside,outside) static interface service tcp 443 4443

When your outside host try to reach the internal host, remember to type in the web browser the following:

Https://x.x.x.x:4443 where x.x.x.x is the public ip of your internal host 

Please note that when the packet arrives to the ASA he will translate port 4443 to 443, which is the port that your internal host is listening to.

Hope this helps!

Kornelia Gutierrez

Go to solution
Fabian Scott
Level 1
Level 1
In response to Kornelia Gutierrez

‎07-20-2016 01:10 PM

Very well explained. Thx!!!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card