noad
asked on
RDP on 4321 Router
Hello everyone.
I asked this question a few days ago and it was answered and I was able to remote in, but now using a different router (Cisco 4321)
I'm doing a port forward using RDP and I get the following message after I input the below command
ip nat inside source static tcp 192.168.5.9 3389 50.73.7.209 3389 extendable
%Port 3389 is being used by system...
Thank You
I asked this question a few days ago and it was answered and I was able to remote in, but now using a different router (Cisco 4321)
I'm doing a port forward using RDP and I get the following message after I input the below command
ip nat inside source static tcp 192.168.5.9 3389 50.73.7.209 3389 extendable
%Port 3389 is being used by system...
Thank You
ASKER
I just got this router, no rdp rule at all
any other ideas?
any other ideas?
ASKER
is there a command to see if that port is being used other then sh run?
Is there any Pre-Defined rules installed ? Maybe is there
ASKER
how can I check
I did another drp using a diff port, took the command, but unable to remote in
I did another drp using a diff port, took the command, but unable to remote in
Check your IOS version. you mayu need to upgrade. There's a known bug for some versions.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCus49353/?referring_site=bugquickviewclick
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCus49353/?referring_site=bugquickviewclick
ASKER
jamc
looked into it here is the show after running the command
R0NWGS(config)#do sh ip nat portblock dynamic global
tcp:
5120 -6143 4096 -5119 3072 -4095 2048 -3071 1024 -2047
545 -617
udp:
5525 -6548 4501 -5524 3072 -4095 2048 -3071 1024 -2047
585 -648 512 -584
R0NWGS(config)#
I see that port 3389 is in the range of 3072 to 4095 ...
so I can't use port 3389?
looked into it here is the show after running the command
R0NWGS(config)#do sh ip nat portblock dynamic global
tcp:
5120 -6143 4096 -5119 3072 -4095 2048 -3071 1024 -2047
545 -617
udp:
5525 -6548 4501 -5524 3072 -4095 2048 -3071 1024 -2047
585 -648 512 -584
R0NWGS(config)#
I see that port 3389 is in the range of 3072 to 4095 ...
so I can't use port 3389?
Yeah you can. You have to configure the nating and then configure overload. Did you do that?
route-map NAT permit 5
match ip address nating
ip nat inside source route-map NAT interface GigabitEthernet0/0/0 overload
route-map NAT permit 5
match ip address nating
ip nat inside source route-map NAT interface GigabitEthernet0/0/0 overload
ASKER
sorry new with Cisco
Not really sure what to do.
can you spell it out step by step?
Here is my config
login as: admin
Using keyboard-interactive authentication.
Password:
R0NWGS#sh run
Building configuration...
Current configuration : 2175 bytes
!
! Last configuration change at 22:04:37 UTC Thu Dec 22 2016 by admin
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no platform punt-keepalive disable-kernel-core
!
hostname R0NWGS
!
boot-start-marker
boot system bootflash:isr4300-universa lk9.03.13. 02.S.154-3 .S2-ext.SP A.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$NkJt$Z.7t.g9DQlGEbu8bZ7 5HQ0
enable password 7 10460C150918
!
no aaa new-model
!
!
!
!
!
!
!
!
!
ip domain name nwgs.biz
ip dhcp excluded-address 192.168.5.1 192.168.5.100
ip dhcp excluded-address 192.168.4.1 192.168.4.10
!
ip dhcp pool NWGS
network 192.168.5.0 255.255.255.0
default-router 192.168.5.1
dns-server 192.168.5.9 8.8.8.8
!
ip dhcp pool playroom
network 192.168.4.0 255.255.255.0
default-router 192.168.4.1
dns-server 192.168.5.9
!
!
!
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4321/K9 sn FDO18451BXL
!
username admin privilege 15 secret 5 $1$YcHE$snwPRXA.KjudbaxJZg dvp1
!
redundancy
mode none
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address 50.73.7.209 255.255.255.252
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
ip address 192.168.5.1 255.255.255.0
ip nat inside
negotiation auto
!
interface GigabitEthernet0/0/1.4
encapsulation dot1Q 4
ip address 192.168.4.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
ip nat inside source list 103 interface GigabitEthernet0/0/0 overload
ip nat inside source static tcp 192.168.5.107 3389 50.73.7.209 3390 extendable
ip forward-protocol nd
no ip http server
no ip http secure-server50.73.7.209
!
!
access-list 103 permit ip 192.168.5.0 0.0.0.255 any
access-list 103 permit ip 192.168.4.0 0.0.0.255 any
!
!
!
control-plane
!
!
line con 0
password 7 141F1707000B
stopbits 1
line aux 0
password 7 09444B05150A
stopbits 1
line vty 0 4
password 7 151C1C0B177C7C7C7F
login local
transport input all
!
!
end
R0NWGS#
Thank you
Not really sure what to do.
can you spell it out step by step?
Here is my config
login as: admin
Using keyboard-interactive authentication.
Password:
R0NWGS#sh run
Building configuration...
Current configuration : 2175 bytes
!
! Last configuration change at 22:04:37 UTC Thu Dec 22 2016 by admin
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no platform punt-keepalive disable-kernel-core
!
hostname R0NWGS
!
boot-start-marker
boot system bootflash:isr4300-universa
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$NkJt$Z.7t.g9DQlGEbu8bZ7
enable password 7 10460C150918
!
no aaa new-model
!
!
!
!
!
!
!
!
!
ip domain name nwgs.biz
ip dhcp excluded-address 192.168.5.1 192.168.5.100
ip dhcp excluded-address 192.168.4.1 192.168.4.10
!
ip dhcp pool NWGS
network 192.168.5.0 255.255.255.0
default-router 192.168.5.1
dns-server 192.168.5.9 8.8.8.8
!
ip dhcp pool playroom
network 192.168.4.0 255.255.255.0
default-router 192.168.4.1
dns-server 192.168.5.9
!
!
!
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4321/K9 sn FDO18451BXL
!
username admin privilege 15 secret 5 $1$YcHE$snwPRXA.KjudbaxJZg
!
redundancy
mode none
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address 50.73.7.209 255.255.255.252
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
ip address 192.168.5.1 255.255.255.0
ip nat inside
negotiation auto
!
interface GigabitEthernet0/0/1.4
encapsulation dot1Q 4
ip address 192.168.4.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
ip nat inside source list 103 interface GigabitEthernet0/0/0 overload
ip nat inside source static tcp 192.168.5.107 3389 50.73.7.209 3390 extendable
ip forward-protocol nd
no ip http server
no ip http secure-server50.73.7.209
!
!
access-list 103 permit ip 192.168.5.0 0.0.0.255 any
access-list 103 permit ip 192.168.4.0 0.0.0.255 any
!
!
!
control-plane
!
!
line con 0
password 7 141F1707000B
stopbits 1
line aux 0
password 7 09444B05150A
stopbits 1
line vty 0 4
password 7 151C1C0B177C7C7C7F
login local
transport input all
!
!
end
R0NWGS#
Thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK...
i was able to do the clear command.
when I do the no ip nat inside soruce list 103 int g0/0/1 overload
I get the following
%Dynamic mapping in use, cannot remove
how do I turn off dynamic mapping?
i was able to do the clear command.
when I do the no ip nat inside soruce list 103 int g0/0/1 overload
I get the following
%Dynamic mapping in use, cannot remove
how do I turn off dynamic mapping?
The problem is that new NAT sessions open every microsecond, as soon as you delete NAT sessions new sessions are created.
You need to stop NAT by either:
- shutdown interfaces that are participating in NAT
- remove ip nat inside / ip nat outside from interfaces
- denying traffic to be natted by temporary create ACL that will deny all traffic (preffered)
(so schedule downtime for this - internet will not work during change)
no access-list 103
access-list 103 deny ip any any
When new sessions are not opening you need to clear existing NAR translations by issue command:
clear ip nat trans *
no ip nat inside source list 103 int g0/0/1 overload
! most likely you don't have to delete nat statement if natting is not performed, but anyway (the same could be with ACL that you can just delete it and there is no need to create one to deny all traffic :) ...
Then you should be able to issue:
ip nat inside source static tcp 192.168.5.9 3389 50.73.7.209 3389 extendable
ip nat inside source static tcp 192.168.5.107 3389 50.73.7.209 3390 extendable
ip nat inside source list 103 interface GigabitEthernet0/0/0 overload
!
no access-list 103
access-list 103 permit ip 192.168.4.0 0.0.1.255 any !optimized ACL :)
You need to stop NAT by either:
- shutdown interfaces that are participating in NAT
- remove ip nat inside / ip nat outside from interfaces
- denying traffic to be natted by temporary create ACL that will deny all traffic (preffered)
(so schedule downtime for this - internet will not work during change)
no access-list 103
access-list 103 deny ip any any
When new sessions are not opening you need to clear existing NAR translations by issue command:
clear ip nat trans *
no ip nat inside source list 103 int g0/0/1 overload
! most likely you don't have to delete nat statement if natting is not performed, but anyway (the same could be with ACL that you can just delete it and there is no need to create one to deny all traffic :) ...
Then you should be able to issue:
ip nat inside source static tcp 192.168.5.9 3389 50.73.7.209 3389 extendable
ip nat inside source static tcp 192.168.5.107 3389 50.73.7.209 3390 extendable
ip nat inside source list 103 interface GigabitEthernet0/0/0 overload
!
no access-list 103
access-list 103 permit ip 192.168.4.0 0.0.1.255 any !optimized ACL :)
Predrag...
OK,
I got a better idea, I'm at the Fire Dept on duty today so I wil have to wait till I get home tomorrow to implement.
so it I understand correctly, I'm just changing the order int which things are being applied, correct?
Thank you for your reply.
Respectfully
J.Pineiro
OK,
I got a better idea, I'm at the Fire Dept on duty today so I wil have to wait till I get home tomorrow to implement.
so it I understand correctly, I'm just changing the order int which things are being applied, correct?
Thank you for your reply.
Respectfully
J.Pineiro
You need to stop NAT, when natting is not working order should not be important.
During period that NAT is stopped internet for sure will not work.
During period that NAT is stopped internet for sure will not work.
I understand that i need to stop NAT.
but once stopped then i'm just reversing the order int which things are applied, correct?
but once stopped then i'm just reversing the order int which things are applied, correct?
What I'm asking is this
I have it in the config as of now like this
ip nat inside source list 103 interface GigabitEthernet0/0/0 overload
ip nat inside source static tcp 192.168.5.107 3389 50.73.7.209 3390 extendable
1-What you are saying is to stop NAT
2- do a (clear ip nat trans *)
3- Delete this statement (no ip nat inside source list 103 int g0/0/1 overload)
4- Then add the (no ip nat inside source list 103 int g0/0/1 overload) again, this time is will be at the bottom so that it gets processed after the forwarding...
Is that correct?
Thank you for your help
Respectfully
J.Pineiro
I have it in the config as of now like this
ip nat inside source list 103 interface GigabitEthernet0/0/0 overload
ip nat inside source static tcp 192.168.5.107 3389 50.73.7.209 3390 extendable
1-What you are saying is to stop NAT
2- do a (clear ip nat trans *)
3- Delete this statement (no ip nat inside source list 103 int g0/0/1 overload)
4- Then add the (no ip nat inside source list 103 int g0/0/1 overload) again, this time is will be at the bottom so that it gets processed after the forwarding...
Is that correct?
Thank you for your help
Respectfully
J.Pineiro
What I expect that will do the trick (issued in this order)
Additional commands are just for the case that commands above are "not enough".
I believe that the first list of commands is enough to do the trick, but since believing is not good enough...
The second list is to be ready for the case that I am wrong.
:)
no access-list 103
!
clear ip nat trans *
!
ip nat inside source static tcp 192.168.5.9 3389 50.73.7.209 3389 extendable
ip nat inside source static tcp 192.168.5.107 3389 50.73.7.209 3390 extendable
!
access-list 103 permit ip 192.168.4.0 0.0.1.255 any
Additional commands are just for the case that commands above are "not enough".
no access-list 103
access-list 103 deny ip any any
!
clear ip nat trans *
!
no ip nat inside source list 103 interface GigabitEthernet0/0/0 overload
ip nat inside source static tcp 192.168.5.9 3389 50.73.7.209 3389 extendable
ip nat inside source static tcp 192.168.5.107 3389 50.73.7.209 3390 extendable
ip nat inside source list 103 interface GigabitEthernet0/0/0 overload
!
no access-list 103
access-list 103 permit ip 192.168.4.0 0.0.1.255 any
I believe that the first list of commands is enough to do the trick, but since believing is not good enough...
The second list is to be ready for the case that I am wrong.
:)
I really thank you for all of your help.
Like I said, I'm on duty today at the Fire Dept, will do it as soon as I get in tomorrow.
Thank you so much for the simple steps...
To understand this better, doing this is b/c that is just the way the router is programmed or is it a bug on the router that is not allowing for the same config as for the 1941 router that I had before?
Again,
Thank you for all of your help
Respectfully
J.Pineiro
Like I said, I'm on duty today at the Fire Dept, will do it as soon as I get in tomorrow.
Thank you so much for the simple steps...
To understand this better, doing this is b/c that is just the way the router is programmed or is it a bug on the router that is not allowing for the same config as for the 1941 router that I had before?
Again,
Thank you for all of your help
Respectfully
J.Pineiro
that is just the way the router is programmedIt is normal router behavior.
OK...
So I can expect different route to have different programming.
Understood.
I'll let you know how it goes in AM with the changes.
Respectfully
J.Pineiro
So I can expect different route to have different programming.
Understood.
I'll let you know how it goes in AM with the changes.
Respectfully
J.Pineiro
Predrage
So I did exactly as you suggested, but still can't get it to work.
R0NWGS(config)#en
% Incomplete command.
R0NWGS(config)#
R0NWGS(config)#no access-list 103
R0NWGS(config)#
R0NWGS(config)#exit
R0NWGS#
*Dec 24 19:31:59.841: %SYS-5-CONFIG_I: Configured from console by consoleclear i p nat trans
R0NWGS#clear ip nat translation *
R0NWGS#
R0NWGS#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R0NWGS(config)#$de source static tcp 192.168.5.9 3389 50.73.7.209 3389
%Port 3389 is being used by system min3389
R0NWGS(config)#
R0NWGS(config)#
R0NWGS(config)#no access-list 103
R0NWGS(config)#exit
R0NWGS#clear
*Dec 24 19:33:42.229: %SYS-5-CONFIG_I: Configured from console by consoleip nat rans
R0NWGS#clear ip nat rans
^
% Invalid input detected at '^' marker.
R0NWGS#
R0NWGS#clear ip nat trans
R0NWGS#clear ip nat translation *
R0NWGS#
R0NWGS#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R0NWGS(config)#no access-lsit 103
^
% Invalid input detected at '^' marker.
R0NWGS(config)#no access-list 103
R0NWGS(config)#access-list 103 deny ip any any
R0NWGS(config)#exit
R0NWGS#clea
*Dec 24 19:34:57.714: %SYS-5-CONFIG_I: Configured from console by consoler
% Type "clear ?" for a list of subcommands
R0NWGS#
R0NWGS#clear ip nat trans
R0NWGS#clear ip nat translation *
R0NWGS#
R0NWGS#
R0NWGS#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R0NWGS(config)#no ip nat inside source list 103 int g0/0/0 overload
%Dynamic mapping not found
R0NWGS(config)#
R0NWGS(config)#$de source static tcp 192.168.5.9 3389 50.73.7.209 3389
%Port 3389 is being used by system min3389
R0NWGS(config)#
R0NWGS(config)#R0NWGS(conf ig)#exit
To ensure that I was not passing any NAT traffic I even disconnected the WAN cable.
^
So I did exactly as you suggested, but still can't get it to work.
R0NWGS(config)#en
% Incomplete command.
R0NWGS(config)#
R0NWGS(config)#no access-list 103
R0NWGS(config)#
R0NWGS(config)#exit
R0NWGS#
*Dec 24 19:31:59.841: %SYS-5-CONFIG_I: Configured from console by consoleclear i p nat trans
R0NWGS#clear ip nat translation *
R0NWGS#
R0NWGS#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R0NWGS(config)#$de source static tcp 192.168.5.9 3389 50.73.7.209 3389
%Port 3389 is being used by system min3389
R0NWGS(config)#
R0NWGS(config)#
R0NWGS(config)#no access-list 103
R0NWGS(config)#exit
R0NWGS#clear
*Dec 24 19:33:42.229: %SYS-5-CONFIG_I: Configured from console by consoleip nat rans
R0NWGS#clear ip nat rans
^
% Invalid input detected at '^' marker.
R0NWGS#
R0NWGS#clear ip nat trans
R0NWGS#clear ip nat translation *
R0NWGS#
R0NWGS#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R0NWGS(config)#no access-lsit 103
^
% Invalid input detected at '^' marker.
R0NWGS(config)#no access-list 103
R0NWGS(config)#access-list
R0NWGS(config)#exit
R0NWGS#clea
*Dec 24 19:34:57.714: %SYS-5-CONFIG_I: Configured from console by consoler
% Type "clear ?" for a list of subcommands
R0NWGS#
R0NWGS#clear ip nat trans
R0NWGS#clear ip nat translation *
R0NWGS#
R0NWGS#
R0NWGS#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R0NWGS(config)#no ip nat inside source list 103 int g0/0/0 overload
%Dynamic mapping not found
R0NWGS(config)#
R0NWGS(config)#$de source static tcp 192.168.5.9 3389 50.73.7.209 3389
%Port 3389 is being used by system min3389
R0NWGS(config)#
R0NWGS(config)#R0NWGS(conf
To ensure that I was not passing any NAT traffic I even disconnected the WAN cable.
^
This is problem
according to configuration above command should be there
ip nat inside source list 103 interface GigabitEthernet0/0/0 overload
no ip nat inside source list 103 int g0/0/0 overloadSomehow command is not working
%Dynamic mapping not found
according to configuration above command should be there
ip nat inside source list 103 interface GigabitEthernet0/0/0 overload
And also it could be that you run into Cisco Bug CSCuc79208
It is similar platform
Conditions:
ISR4351 running version 15.4(3)S1
So, it could be affected
It is similar platform
Conditions:
ISR4351 running version 15.4(3)S1
So, it could be affected
The above ports are dynamically allocated to NAT when more ports are needed for creating translations. So whenever the ports being requested in the the "static mapping" is not in the list above for 'sh ip nat portblock dynamic global', the configuration will be successful otherwise it will fail.So, looks like, static natting must be configured prior to configure NAT rule or bug will affect the system.
That is why it does not fail when you configure static mapping first and dynamic mapping second as the port is not already allocation for dynamic mapping.
Predrag,
So I should re-config the route and create static mapping before I create the NAT rule?
If that is the problem, I can re-config the router. Should no take long to do it.
so I would do something like this?
int g0/0/0
ip nat outside
int g0/0/1
ip nat inside
ip nat insdie source static tcp 192.168.5.9 3389 50.73.7.209 3389
ip nat insdie source static tcp 192.168.5.107 3389 50.73.7.209 3389
ip nat inside source list 103 interface int 0/0/0 overload
access-list 103 permit ip 192.168.5.0 0.0.0.255 any
access-list 103 permit ip 192.168.4.0 0.0.0.255 any
Would the above be correct?
Also what is down the road I want to open another port?
Do I have to re-config again the entire router or will it fall into the correct place?
Thank you
Respectfully
J.Pineiro
So I should re-config the route and create static mapping before I create the NAT rule?
If that is the problem, I can re-config the router. Should no take long to do it.
so I would do something like this?
int g0/0/0
ip nat outside
int g0/0/1
ip nat inside
ip nat insdie source static tcp 192.168.5.9 3389 50.73.7.209 3389
ip nat insdie source static tcp 192.168.5.107 3389 50.73.7.209 3389
ip nat inside source list 103 interface int 0/0/0 overload
access-list 103 permit ip 192.168.5.0 0.0.0.255 any
access-list 103 permit ip 192.168.4.0 0.0.0.255 any
Would the above be correct?
Also what is down the road I want to open another port?
Do I have to re-config again the entire router or will it fall into the correct place?
Thank you
Respectfully
J.Pineiro
Try to issue # sh ip nat portblock dynamic global
if tcp port 3390 is not listed as in use than most likely it is Cisco bug from above.
access-list 103 permit ip 192.168.4.0 0.0.1.255 any
One line instead of two lines. :)
no ip nat inside source list 103 int g0/0/0 overload
%Dynamic mapping not found
is a part of the bug, but cannot be sure. There is a way to change startup configuration and then reloading router should solve the problem, but generally I don't recommend that approach (if not done correctly can cause a lot of problems).
if tcp port 3390 is not listed as in use than most likely it is Cisco bug from above.
So I should re-config the route and create static mapping before I create the NAT rule?Looks that way.
access-list 103 permit ip 192.168.5.0 0.0.0.255 anyoptimization for ACL 103 is
access-list 103 permit ip 192.168.4.0 0.0.0.255 any
access-list 103 permit ip 192.168.4.0 0.0.1.255 any
One line instead of two lines. :)
Would the above be correct?Yes.
Also what is down the road I want to open another port?Looks like you can run into the same problem again, but I guess that it should be corrected in the next version of IOS (if bug is present in this one).
Do I have to re-config again the entire router or will it fall into the correct place?Not sure what needs to be done, what is actually workaround in the case that is Cisco bug. My guess is (worst case scenario)- delete commands relevant to NAT reload device and after reload configure NAT again. But maybe bug is not present, but I guess that
no ip nat inside source list 103 int g0/0/0 overload
%Dynamic mapping not found
is a part of the bug, but cannot be sure. There is a way to change startup configuration and then reloading router should solve the problem, but generally I don't recommend that approach (if not done correctly can cause a lot of problems).
Predrag
Here is the showing of the sh ip nat portblock dynamic global
login as: admin
Using keyboard-interactive authentication.
Password:
R0NWGS#en
R0NWGS#sh ip nat portblock dynamic global
tcp:
6144 -7167 5120 -6143 4096 -5119 3072 -4095 2048 -3071
1024 -2047 545 -617
udp:
5525 -6548 4501 -5524 3072 -4095 2048 -3071 1024 -2047
585 -648 512 -584
R0NWGS#
Not sure how to read this are ports 3072 to 4095 open or set aside for use?
Thank you
Respectfully
J.Pineiro
Here is the showing of the sh ip nat portblock dynamic global
login as: admin
Using keyboard-interactive authentication.
Password:
R0NWGS#en
R0NWGS#sh ip nat portblock dynamic global
tcp:
6144 -7167 5120 -6143 4096 -5119 3072 -4095 2048 -3071
1024 -2047 545 -617
udp:
5525 -6548 4501 -5524 3072 -4095 2048 -3071 1024 -2047
585 -648 512 -584
R0NWGS#
Not sure how to read this are ports 3072 to 4095 open or set aside for use?
Thank you
Respectfully
J.Pineiro
Those suppose to be set aside for use.
You can use regex to filter sh ip nat translations to check if port is currently in use:
#sh ip nat translations | i :3389|:3390 <-- ports that you want to check (3389, 3390)
or
#sh ip nat translations | i 209:3389|209:3390 <- 209 is last octet of WAN's IP address (50.73.7.209)
If nothing is listed (and regex is typed correctly) :) - port is not is use.
You can use regex to filter sh ip nat translations to check if port is currently in use:
#sh ip nat translations | i :3389|:3390 <-- ports that you want to check (3389, 3390)
or
#sh ip nat translations | i 209:3389|209:3390 <- 209 is last octet of WAN's IP address (50.73.7.209)
If nothing is listed (and regex is typed correctly) :) - port is not is use.
Got it,
I will check in AM, its mid night here and going to get some ZZZZZZZZZzzzzz
Merry Christmas
Thank you for all of your help
Respectfully
J.Pineiro
I will check in AM, its mid night here and going to get some ZZZZZZZZZzzzzz
Merry Christmas
Thank you for all of your help
Respectfully
J.Pineiro
Perdrag,
Here is the out put of the commands you suggested I run.
login as: admin
Using keyboard-interactive authentication.
Password:
R0NWGS#sh ip nat translations | i :3389|:3390
R0NWGS#
R0NWGS#
R0NWGS#sh ip nat translations | i 209:3389|209:3390
R0NWGS#
R0NWGS#
R0NWGS#
That would suggest that its a bug, correct???
Here is the out put of the commands you suggested I run.
login as: admin
Using keyboard-interactive authentication.
Password:
R0NWGS#sh ip nat translations | i :3389|:3390
R0NWGS#
R0NWGS#
R0NWGS#sh ip nat translations | i 209:3389|209:3390
R0NWGS#
R0NWGS#
R0NWGS#
That would suggest that its a bug, correct???
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
At this point I'll call Cisco to see if there is an update.
Thank you for all of your time and help with this issue.
Respectfully
J.Pineiro
Thank you for all of your time and help with this issue.
Respectfully
J.Pineiro
Yes...
Thank you...
It should only be for Juan Pineiro...
NOAD should not even come up
Thank you...
It should only be for Juan Pineiro...
NOAD should not even come up
Probably one rule has this port already assigned.