
ISR4331 - NAT issue %Port 22 is being used by system

I'm trying to add a dynamic and a static NAT on an ISR4331 device. The dynamic works fine, but when I enter the static I get the error "%Port 22 is being used by system". I cleared the ip nat trans*, removed the dynamic NAT and added the static first, and still get the same error.

 

Any ideas?

 

interface GigabitEthernet0/0/0
description Outside LAN Interface
ip address 192.168.98.50 255.255.255.0

 

interface GigabitEthernet0/0/1
description Inside 
ip address 192.168.1.1 255.255.255.0

 

ip nat inside source route-map NAT-DYNAMIC-RMAP interface GigabitEthernet0/0/0 overload

ip nat inside source static tcp 192.168.1.30 22 192.168.98.50 22 route-map NAT-STATIC-RMAP extendable

%Port 22 is being used by system

 

route-map NAT-STATIC-RMAP permit 1
match ip address 101
match interface GigabitEthernet0/0/0
!
route-map NAT-DYNAMIC-RMAP permit 1
match ip address 101
match interface GigabitEthernet0/0/0

 

I'm running IOS XE version isr4300-universalk9.16.09.03.SPA.bin

 

Thanks

 

GW


Re: ISR4331 - NAT issue %Port 22 is being used by system

The error is fairly self-explanatory.

The router is already using port 22 for SSH access to itself and therefore does not allow you to use it for other purposes.

You will have to use another outside port to get this working, perhaps 192.168.98.50 222 as an example. 

ip nat inside source static tcp 192.168.1.30 22 192.168.98.50 222 route-map NAT-STATIC-RMAP extendable

Re: ISR4331 - NAT issue %Port 22 is being used by system

This fixed it

action 1.0 cli command "enable"

action 2.0 cli command "conf t"

action 2.1 cli command "crypto key zeroize rsa" pattern "yes"

action 2.2 wait 5

action 2.3 cli command "yes"

action 5.3 cli command "ip nat inside source static tcp 1.1.1.1 22 80.28.132.236 22"

action 5.5 cli command "crypto key generate rsa general-keys modulus 512"

action 6.0 cli command "end"



https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo68393/?reffering_site=dumpcr

Re: ISR4331 - NAT issue %Port 22 is being used by system

Interesting.
I guess that as long as you're never going to connect via ssh to the outside interface of the router it's a useful workaround.
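
A pre-deployment check for the conflict discussed in this thread, as an added example that is not part of any poster's reply or of Cisco's tooling: it scans a configuration for static TCP NAT entries that claim a port on one of the router's own interface addresses where the router itself listens. The sample configuration is constructed from the thread's addressing, and the function names, the default port list (22 for SSH) and the choice to flag only the router's own interface addresses are assumptions.

```python
import re

# Constructed sample, modelled on the addressing used in the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/0
 description Outside LAN Interface
 ip address 192.168.98.50 255.255.255.0
interface GigabitEthernet0/0/1
 ip address 192.168.1.1 255.255.255.0
ip nat inside source static tcp 192.168.1.30 22 192.168.98.50 22 extendable
ip nat inside source static tcp 192.168.1.30 22 192.168.98.50 222 extendable
ip nat inside source static tcp 192.168.1.31 22 interface GigabitEthernet0/0/0 22
"""

IFACE_RE = re.compile(r"^interface (\S+)")
ADDR_RE = re.compile(r"^\s+ip address (\d+\.\d+\.\d+\.\d+) ")
# Matches both the "<global-ip> <port>" and "interface <name> <port>" forms.
NAT_RE = re.compile(
    r"^ip nat inside source static tcp (\S+) (\d+) "
    r"(?:interface (\S+)|(\d+\.\d+\.\d+\.\d+)) (\d+)")

def interface_addresses(config):
    """Map each interface name to its first configured IPv4 address."""
    addrs, current = {}, None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if not line.startswith(" "):
            current = None          # left the interface sub-mode
        m = ADDR_RE.match(line)
        if m and current:
            addrs.setdefault(current, m.group(1))
    return addrs

def nat_port_conflicts(config, local_ports=(22,)):
    """Return (inside_ip, inside_port, global_ip, global_port) for static NAT
    entries that reuse a port the router listens on (assumed: SSH on 22)."""
    addrs = interface_addresses(config)
    own = set(addrs.values())
    hits = []
    for line in config.splitlines():
        m = NAT_RE.match(line)
        if not m:
            continue
        inside_ip, inside_port, ifname, global_ip, gport = m.groups()
        global_ip = global_ip or addrs.get(ifname)
        if global_ip in own and int(gport) in local_ports:
            hits.append((inside_ip, int(inside_port), global_ip, int(gport)))
    return hits
```

Run against the sample, the port-22 mappings on 192.168.98.50 are reported and the port-222 mapping suggested in the first reply is not.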