the ASA is unable to reserve the ports, because port 4500 is already in use by either anyconnect etc if you have it enabled or for your vpn connections, for that reason the firewall is unable to assign port 4500 to your host.
You can however change the mapping port for external connections to another port, 45000 for example.
object network host
host X.X.X.X
nat (inside,outside) static interface service UDP 4500 45000
Please note that when the packet arrives to the ASA he will translate port 45000 to 4500, which is the port that your internal host is listening to.
please do not forget to rate.
please do not forget to rate.