Cisco ASA 5505; Can't forward port 443: Why am I getting "Error: unable to download policy"?

Solution 1

The Cisco ASDM runs on port 443, so you'll probably have to switch that to a different port before trying to forward 443 to an inside destination.

Solution 2

It sounds as though you may be creating a conflict with the 443 port reservation for your ASDM/HTTPS admin connection. If you've recently purchased the ASA5505 you may still fall within the included technical support that Cisco provides. If so, they are really good at getting people (at least me) past issues like this.

TAC support is at 1-800-553-2447

[email protected]

They'll ask for the SN number on the bottom of your device.

Edit: You could also turn off ASDM/HTTPS access and config over ssh or serial. That's where you'll probably head anyway once you get into administrating firewalls like this.
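
A pre-flight check for the conflict both answers describe, as an added example that is not part of the original answers: it scans a saved running-config for the ASDM/HTTPS server port and flags static PAT rules on the same interface port. The sample config is constructed around the question's values, the function names are hypothetical, and treating the ASDM port as reserved for every interface PAT is an assumption taken from the answers.

```python
import re

# Well-known port names the ASA prints instead of numbers in "show running-config".
PORT_NAMES = {"www": 80, "https": 443, "ssh": 22, "telnet": 23, "pptp": 1723}

HTTP_SERVER = re.compile(r"^http server enable(?:\s+(\d+))?\s*$")
STATIC_PAT = re.compile(r"^static \(\S+,\S+\) tcp interface (\S+)\s")

# Constructed sample config; addresses and ports reuse the question's values.
SAMPLE = """\
http server enable
http 192.168.0.0 255.255.255.0 inside
static (inside,outside) tcp interface www 192.168.0.151 www netmask 255.255.255.255
static (inside,outside) tcp interface 4434 192.168.0.151 4434 netmask 255.255.255.255
"""
# The rule from the question that the ASA rejected.
RULE = ("static (inside,outside) tcp interface 443 192.168.0.151 443 "
        "netmask 255.255.255.255")

def to_port(token):
    """Accept '443' or a well-known name such as 'https'; None if unknown."""
    return int(token) if token.isdigit() else PORT_NAMES.get(token)

def asdm_port(config):
    """TCP port held by the ASDM/HTTPS server, or None if it is not enabled."""
    for line in config.splitlines():
        m = HTTP_SERVER.match(line.strip())
        if m:
            return int(m.group(1)) if m.group(1) else 443  # 443 is the default
    return None

def pat_conflicts(config, candidate=None):
    """Static PAT lines (plus an optional new rule) that collide with ASDM."""
    reserved = asdm_port(config)
    if reserved is None:
        return []
    lines = config.splitlines() + ([candidate] if candidate else [])
    hits = []
    for line in lines:
        m = STATIC_PAT.match(line.strip())
        if m and to_port(m.group(1)) == reserved:
            hits.append(line.strip())
    return hits

if __name__ == "__main__":
    for rule in pat_conflicts(SAMPLE, RULE):
        print("conflicts with ASDM on TCP/%d: %s" % (asdm_port(SAMPLE), rule))
```

Re-running the check after changing the first config line to `http server enable 8443` (8443 is an arbitrary choice) reports no conflict for the 443 rule.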

Author by

techie007

Updated on September 17, 2022

Comments

  • techie007
    techie007 over 1 year

    I'm dealing with my first Cisco ASA (a 5505), using the ASDM interface. I've got to forward HTTP, HTTPS, PPTP and another port to a couple of internal servers.

    I'm pretty sure I've got it all figured out, and have successfully (I believe, haven't actually tested yet ;) ) created and applied Static NAT rules for everything above, except HTTPS.

    Via the interface I can add the rule for 443, and all looks good, but when I hit [apply] I get the following error, and then the 443/HTTPS entry is removed:

    [ERROR] static (inside,outside) tcp interface 443 192.168.0.151 443 netmask 255.255.255.255 tcp 0 0 udp 0 unable to reserve port 443 for static PAT

    ERROR: unable to download policy

    I've had no problems creating my other rules, and can still successfully create other port rules (i.e.: '4434' as a test) so now I'm at a loss, any ideas?

    Thanks in advance.

  • Zypher
    Zypher about 14 years
    <pedantic>ASAs are NATing firewalls, not routers :)</pedantic>
  • techie007
    techie007 about 14 years
    Thanks for providing the same answer only a minute or so later, I +1'd you for giving me the phone number. :)
  • Patrick R
    Patrick R about 14 years
    @Zypher - thanks - I have three of them myself and know that - apparently I need some sleep.
  • Patrick R
    Patrick R about 14 years
    Erik beat me because I had to walk over to my device to verify the physical location of the SN;).
  • Patrick R
    Patrick R about 14 years
    +1 to Erik from slow poke.