Wednesday 19 August 2015

Cisco ASA 9.x Static NAT with ASDM “Unable to Reserve Port 443”

I was trying to configure a static NAT rule to allow HTTPS traffic to a hosted web server. When I entered the last command I received “Unable to Reserve Port 443”, this was because another service was currently using TCP port 443.

object network Outside_to_Inside_WS
nat (inside,outside) static interface service tcp 80 80
nat (inside,outside) static interface service tcp 443 443

It was Cisco AnyConnect that was causing the problem as the AnyConnect portal was being published on the HTTPS port. I disabled it from Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles. This is a solution provided you are not using AnyConnect for user VPN. 

If you are you can change the port configured to host AnyConnect by clicking Port Settings…