05-21-2019 09:50 AM
I'm trying to add a dynamic and a static NAT on an ISR4331 device. The dynamic works fine, but when I enter the static I get the error "%Port 22 is being used by system". I cleared the ip nat trans*, removed the dynamic NAT and added the static first, and still get the same error.
Any ideas?
interface GigabitEthernet0/0/0
description Outside LAN Interface
ip address 192.168.98.50 255.255.255.0
interface GigabitEthernet0/0/1
description Inside
ip address 192.168.1.1 255.255.255.0
ip nat inside source route-map NAT-DYNAMIC-RMAP interface GigabitEthernet0/0/0 overload
ip nat inside source static tcp 192.168.1.30 22 192.168.98.50 22 route-map NAT-STATIC-RMAP extendable
%Port 22 is being used by system
route-map NAT-STATIC-RMAP permit 1
match ip address 101
match interface GigabitEthernet0/0/0
!
route-map NAT-DYNAMIC-RMAP permit 1
match ip address 101
match interface GigabitEthernet0/0/0
I'm running IOS XE version isr4300-universalk9.16.09.03.SPA.bin
Thanks
GW
05-24-2019 06:20 AM
The error is fairly self-explanatory.
The router is already using port 22 for SSH access to itself and therefore does not allow you to use it for other purposes.
You will have to use another outside port to get this working, perhaps 192.168.98.50 222 as an example.
ip nat inside source static tcp 192.168.1.30 22 192.168.98.50 222 route-map NAT-STATIC-RMAP extendable
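A pre-deployment check for the conflict described in this answer, added here as an example (not code from the thread or from Cisco): it scans a saved configuration for static port forwards whose global address and port the router itself already uses. The function name, the `system_ports` parameter, its default of tcp/22 only, the restriction to addresses configured on the router's own interfaces, and the third NAT line in the sample are assumptions of this example.

```python
import re

# Constructed sample: interface and NAT lines from the thread, plus one made-up
# forward to 192.168.98.60 (an address the router does not own).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/0
 description Outside LAN Interface
 ip address 192.168.98.50 255.255.255.0
interface GigabitEthernet0/0/1
 description Inside
 ip address 192.168.1.1 255.255.255.0
ip nat inside source static tcp 192.168.1.30 22 192.168.98.50 22 route-map NAT-STATIC-RMAP extendable
ip nat inside source static tcp 192.168.1.30 22 192.168.98.50 222 route-map NAT-STATIC-RMAP extendable
ip nat inside source static tcp 192.168.1.31 22 192.168.98.60 22 extendable
"""

IF_ADDR = re.compile(r"^\s*ip address (\d+\.\d+\.\d+\.\d+) \d+\.\d+\.\d+\.\d+", re.M)
STATIC_PAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+).*$", re.M)

def find_port_conflicts(config, system_ports=None):
    """Return static port forwards whose global IP:port the router itself uses.

    system_ports is an assumption supplied by the caller: a set of
    (proto, port) pairs the router listens on. The default covers only
    SSH on tcp/22, the service named in the thread.
    """
    system_ports = system_ports or {("tcp", 22)}
    router_ips = set(IF_ADDR.findall(config))  # addresses on the router's interfaces
    conflicts = []
    for m in STATIC_PAT.finditer(config):
        proto, local_ip, local_port, global_ip, global_port = m.groups()
        if global_ip in router_ips and (proto, int(global_port)) in system_ports:
            conflicts.append({
                "line": m.group(0),
                "global": f"{global_ip}:{global_port}/{proto}",
                "forwards_to": f"{local_ip}:{local_port}",
            })
    return conflicts

if __name__ == "__main__":
    for c in find_port_conflicts(SAMPLE_CONFIG):
        print(f"conflict on {c['global']} -> {c['forwards_to']}: {c['line']}")
```

Pass the set of services actually enabled on the device as `system_ports` to widen the check beyond SSH.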
05-24-2019 06:58 AM
05-24-2019 07:16 AM
09-03-2020 01:13 PM - edited 09-03-2020 01:13 PM
I don't like the fact the script will trigger on any link up/down event. I am doing this on an ASR 1002-HX.
Here is the config.
event manager applet NAT authorization bypass
event syslog pattern "%SPA_OIR-6-ONLINECARD:"
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 2.1 cli command "crypto key zeroize rsa"
action 2.2 wait 5
action 2.3 cli command "yes"
action 5.3 cli command "ip nat inside source static tcp 172.17.0.66 22 x.x.x.x 22 extendable"
action 5.5 cli command "crypto key generate rsa general-keys modulus 2048 label myrsakey"
action 6.0 cli command "end"
Unfortunately the script did not run at reload.
This is what I found in the output of show event manager history events detailed:
8 8 Actv abort Thu Sep 3 14:42:31 2020 syslog applet: NAT
msg
*Sep 3 14:42:31.695: %SPA_OIR-6-ONLINECARD: SPA (BUILT-IN-EPA-8x1G) online in subslot 0/0
9 10 Actv abort Thu Sep 3 14:42:41 2020 syslog applet: NAT
msg
*Sep 3 14:42:41.020: %SPA_OIR-6-ONLINECARD: SPA (BUILT-IN-EPA-8x10G) online in subslot 0/1