
"NAT %Port <> is being used by system" on cisco ISR4331

mamaral
Beginner

Hi!

I'm having a problem with an ISR4331 regarding NAT.

I cannot make a static NAT for port 5011 because it keeps responding with this:

%Port 5011 is being used by system

The show ip socket gives me this:

Proto Remote Port Local Port In Out Stat TTY OutputIF
17 255.255.255.255 68 192.168.1.254 67 0 0 2002211 0
17 10.16.214.7 514 192.168.1.254 64191 0 0 400210 0

And the show ip nat portblock dynamic global gives me this:

tcp:
8192 -9215 7168 -8191 6144 -7167 5120 -6143 4096 -5119
545 -617
udp:
8597 -9620 7573 -8596 6549 -7572 5525 -6548 4501 -5524
585 -648 512 -584

So, why can't I use the port 5011?

The IOS is: 154-3.S5

Tkx

Miguel

17 Replies

Mark Malone
Mentor

Looks a lot like the bug below on a 4351, same type of IOS-XE software

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCus49353/?referring_site=bugquickviewredir

"NAT %Port <> is being used by system" with fix CSCuc79208
CSCus49353
Description
Symptom:
A Port Forwarding rule cannot be added as the following error message is displayed:

"NAT %Port <> is being used by system"

===================================================

ls-rtr1-4351#sh ip nat portblock dynamic global
tcp:
5120 -6143 4096 -5119 3072 -4095 2048 -3071 1024 -2047

618 -681 545 -617
udp:
6549 -7572 5525 -6548 4501 -5524 3010 -4033 1986 -3009
585 -648 512 -584

cls-rtr1-4351#show ip nat portblock pat global
tcp:
9989

The above ports are dynamically allocated to NAT when more ports are needed for creating translations. So whenever the port being requested in the "static mapping" is not in the list above for 'sh ip nat portblock dynamic global', the configuration will be successful; otherwise it will fail.
That is why it does not fail when you configure static mapping first and dynamic mapping second, as the port is not already allocated for dynamic mapping.

Conditions:
ISR4351 running version 15.4(3)S1

NAT Overload had been configured before the Port Forwarding attempt.

Workaround:
Remove all NAT statements and configure static NAT before NAT overload.

Further Problem Description:

Details
Last Modified: May 5, 2016
Status: Open
Severity: 6 Enhancement
Product: Cisco ASR 1000 Series Aggregation Services Routers
Support Cases: 28
Known Affected Releases: 15.4(3)S1.1
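
The condition described in the bug text above can be checked before attempting a static mapping. The following is an added example, not part of the thread or of any Cisco tooling: it parses `show ip nat portblock dynamic global` output and reports which dynamic block, if any, already contains the wanted port. The function names are hypothetical and the sample text is the original poster's output copied from this page.

```python
import re

# Sample input: the original poster's ISR4331 output, copied from this thread.
SAMPLE = """\
tcp:
8192 -9215 7168 -8191 6144 -7167 5120 -6143 4096 -5119
545 -617
udp:
8597 -9620 7573 -8596 6549 -7572 5525 -6548 4501 -5524
585 -648 512 -584
"""

def parse_portblocks(text):
    """Return {'tcp': [(start, end), ...], 'udp': [...]} from the command output."""
    blocks, proto = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"(tcp|udp):", line, re.IGNORECASE)
        if header:
            proto = header.group(1).lower()
            blocks.setdefault(proto, [])
        elif proto:
            # Ranges print as "4096 -5119": start, whitespace, dash, end.
            for start, end in re.findall(r"(\d+)\s*-\s*(\d+)", line):
                blocks[proto].append((int(start), int(end)))
    return blocks

def conflicting_block(blocks, proto, port):
    """Return the dynamic block (start, end) containing port, or None."""
    for start, end in blocks.get(proto.lower(), []):
        if start <= port <= end:
            return (start, end)
    return None

if __name__ == "__main__":
    blocks = parse_portblocks(SAMPLE)
    for proto in ("tcp", "udp"):
        hit = conflicting_block(blocks, proto, 5011)
        if hit:
            print("%s/5011 is inside dynamic block %d-%d" % (proto, hit[0], hit[1]))
        else:
            print("%s/5011 is not in any dynamic block" % proto)
```
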

I tried that workaround and it still gives me the same error.