ip nat inside

gio.bitsadze · ‎10-22-2019

ip nat inside source static tcp 192.168.200.45 5000 interface GigabitEthernet0/0/0 5000

%Port 5000 is being used by system

any guesses?

Jaderson Pessoa · ‎10-22-2019

Well,

this port is already in use by your router.. you can use the show tcp to check who is responsible for unavailable port. But you can change the port if possible.

Jaderson Pessoa
*** Rate All Helpful Responses ***

gio.bitsadze · ‎10-22-2019

Already, port isn't in use ((

Georg Pauwen · ‎10-22-2019

Hello,

all

try and shut all active interfaces, then clear the NAT translations (clear ip nat translation *), then add the static entry. Don'y forget to 'no shut' your interfaces...

gio.bitsadze · ‎10-22-2019

Ok, Interesting, I will try that tomorrow

gio.bitsadze · ‎10-23-2019

not working ((

Georg Pauwen · ‎10-23-2019

Hello,

you get the same message, even with just that one static NAT entry ?

What router is this on ? Can you issue the exec command:

sh ip nat portblock dynamic global

?

Deepak Kumar · ‎10-23-2019

Hi,

I think then a good option to share running configuration with us

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

gio.bitsadze · ‎10-23-2019

Using 2964 out of 33554432 bytes
!
! Last configuration change at 15:51:01 UTC Tue Oct 22 2019 by cisco
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname xxxxxxxx
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable password xxxxx
!
no aaa new-model
!
!
!
!
!
!
!
!
!

ip domain name xxxx
ip host xxxx 192.168.200.46
ip host xxxx192.168.200.77
ip host xxxx 192.168.200.46
ip host xxxx 192.168.200.46
ip name-server 8.8.8.8
ip name-server 192.168.200.77

ip dhcp excluded-address 192.168.200.1 192.168.200.100
ip dhcp excluded-address 192.168.200.200
!
ip dhcp pool xxxx
network 192.168.200.0 255.255.255.0
default-router 192.168.200.1
dns-server 192.168.200.77 8.8.8.8 8.8.4.4
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4331/K9 sn FDO191117MT
license accept end user agreement
license boot level securityk9
!
username xxxx privilege 15 password 0 xxxx
!
redundancy
mode none
!
!
!
!
!
!
ip tftp source-interface GigabitEthernet0
ip ssh version 2
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address 188.169.xxxx.xxxx 255.255.255.252
ip nat outside
ip access-group outside-in in
negotiation auto
!
interface GigabitEthernet0/0/1
ip address 192.168.200.1 255.255.255.0
ip nat inside
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip nat inside source static tcp 192.168.200.46 80 interface GigabitEthernet0/0/0 80
ip nat inside source static tcp 192.168.200.52 22 interface GigabitEthernet0/0/0 5222
ip nat inside source static tcp 192.168.200.11 902 interface GigabitEthernet0/0/0 902
ip nat inside source static tcp 192.168.200.11 443 interface GigabitEthernet0/0/0 443
ip nat inside source static udp 192.168.200.30 14872 interface GigabitEthernet0/0/0 14872
ip nat inside source static tcp 192.168.200.45 8081 interface GigabitEthernet0/0/0 8081
ip nat inside source static tcp 192.168.200.45 5000 interface GigabitEthernet0/0/0 5000

ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 188.169.xxxx.xxxx
!
!
ip access-list extended outside-in
permit tcp host 193.239.217.81 any eq 443
permit tcp host 193.239.217.81 any eq 902
permit tcp host 213.110.132.201 any eq 443
permit tcp host 213.110.132.201 any eq 902
deny tcp any any eq 443
deny tcp any any eq 902
permit ip any any
!
access-list 1 permit 192.168.200.0 0.0.0.255
!
!
!
control-plane
!
!
line con 0
logging synchronous
login local
stopbits 1
line aux 0
stopbits 1
line vty 0 4
privilege level 15
password cisco
login local
transport input ssh
!
!
end

Georg Pauwen · ‎10-23-2019

Hello,

what is the output of:

sh ip nat portblock dynamic global

show ip nat portblock pat global

When you entered the static NAT command, was that your first line, that is, did you enter:

ip nat inside source static tcp 192.168.200.45 5000 interface GigabitEthernet0/0/0 5000

before

ip nat inside source list 1 interface GigabitEthernet0/0/0 overload

?

Georg Pauwen · ‎10-23-2019

Also, if this is an ISR4K router (is it ?), version 15.4 contains a bug which causes this issue. Upgrade to the recommended release Fuji-16.9.4 MD if possible...

gio.bitsadze · ‎10-23-2019

outer#show ip nat portblock dynamic global

tcp: 4096 -5119 545 -617

udp: 4501 -5524 512 -584

Jaderson Pessoa · ‎10-23-2019

Hello guy,

Just test it and put here the result:

ip nat inside source static tcp 192.168.200.45 5001 interface GigabitEthernet0/0/0 5001

Jaderson Pessoa
*** Rate All Helpful Responses ***

gio.bitsadze · ‎10-24-2019

router(config)#$00.45 5001 interface GigabitEthernet0/0/0 5001
%Port 5001 is being used by system

router(config)#$00.45 4999 interface GigabitEthernet0/0/0 4999
%Port 5001 is being used by system

gio.bitsadze · ‎10-24-2019

router#show ip nat portblock dynamic global
tcp:
4096 -5119 545 -617
udp:
4501 -5524 512 -584