I have a C1101-4p that keeps skipping a static IP/port mapping when it reloads. Please see an example of the line below:
ip nat inside source static tcp x.x.x.x 443 x.x.x.x 443 extendable
This is the first line of the static mappings. It will load the 5 lines immediately following, including another line for the same IP address involving a different port. Each time the router reloads I have to manually enter this configuration.
You could be hitting the bug below:
Reorder ip nat configuration - to be placed after ip http configuration
Upon reboot, while the device is loading the configuration we see the following error "%Port 443 is being used by system". This happens upon every reload whenever static NAT for tcp port 443 is configured even though the HTTPS secure port is changed to 9999.
Router configured with local HTTPS server on non-default port.
ip http secure-server
ip http secure-port 9999
Static NAT using port TCP 443 is configured
ip nat inside source static tcp 172.16.0.1 443 192.168.0.1 443 extendable
- Reconfigure the static NAT entry for TCP 443 after every reboot.
While this is valid to a certain degree, due to CSCvn67837 - 4 minute caveat and with the usability and ease of configuration aspects, this is not a very good workaround
but yes #3 is a workable solution that has been used by some other customers while they got the actual fix
- Use EEM script to reconfigure the static NAT entry for TCP 443 after reboot.
This is a good workaround for customers to use.
The EEM script mentioned in the bug would look like this:
event manager applet STATIC_NAT
 event syslog pattern "SYS-5-RESTART"
 event timer countdown time 30
 action 1.0 cli command "enable"
 action 2.0 cli command "config terminal"
 action 3.0 cli command "ip nat inside source static tcp x.x.x.x 443 x.x.x.x 443 extendable"
 action 4.0 cli command "end"
 action 5.0 cli command "write"
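
A post-reload check for the symptom in this thread, as an added example that is not from the original posts or from Cisco: it compares the static NAT entries in a saved startup-config with the running-config and flags any dropped entry that fits the conditions quoted from the bug. The function names and the port 8443 line are assumptions; the sample configs are constructed from the addresses shown above.

```python
import re

# "ip nat inside source static tcp <local> <lport> <global> <gport> [extendable]"
NAT_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)(?: extendable)?\s*$"
)

def static_nat_entries(config):
    """Return the set of (proto, local_ip, local_port, global_ip, global_port)."""
    entries = set()
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if m:
            proto, lip, lport, gip, gport = m.groups()
            entries.add((proto, lip, int(lport), gip, int(gport)))
    return entries

def dropped_after_reload(startup, running):
    """Static NAT entries saved in startup-config but absent from running-config."""
    return sorted(static_nat_entries(startup) - static_nat_entries(running))

def matches_bug_conditions(config, entry):
    """True when the entry fits the conditions quoted from the bug:
    local HTTPS server enabled and a static NAT entry on TCP port 443."""
    https_on = any(l.strip() == "ip http secure-server" for l in config.splitlines())
    return https_on and entry[0] == "tcp" and 443 in (entry[2], entry[4])

# Constructed sample configs (not captured from a real device).
STARTUP = """\
ip http secure-server
ip http secure-port 9999
ip nat inside source static tcp 172.16.0.1 443 192.168.0.1 443 extendable
ip nat inside source static tcp 172.16.0.1 8443 192.168.0.1 8443 extendable
"""
# Same config after a reload, with the TCP 443 mapping missing.
RUNNING = """\
ip http secure-server
ip http secure-port 9999
ip nat inside source static tcp 172.16.0.1 8443 192.168.0.1 8443 extendable
"""

if __name__ == "__main__":
    for entry in dropped_after_reload(STARTUP, RUNNING):
        tag = "fits bug conditions" if matches_bug_conditions(STARTUP, entry) else "other cause"
        print("missing after reload:", entry, "-", tag)
```

Feed it the text of `show startup-config` and `show running-config` collected after each reload; an empty result means every saved static mapping was loaded.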