I'm dealing with my first Cisco ASA (a 5505), using the ASDM interface. I've got to forward HTTP, HTTPS, PPTP and another port to a couple of internal servers.
I'm pretty sure I've got it all figured out, and have successfully (I believe, haven't actually tested yet ;) ) created and applied Static NAT rules for everything above, except HTTPS.
Via the interface I can add the rule for 443, and all looks good, but when I hit [apply] I get the following error, and then the 443/HTTPS entry is removed:
[ERROR] static (inside,outside) tcp interface 443 192.168.0.151 443 netmask 255.255.255.255 tcp 0 0 udp 0 unable to reserve port 443 for static PAT
ERROR: unable to download policy
I've had no problems creating my other rules, and can still successfully create other port rules (i.e.: '4434' as a test) so now I'm at a loss, any ideas?
Thanks in advance.
The Cisco ASDM runs on port 443, so you'll probably have to switch that to a different port before trying to forward 443 to an inside destination.
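The port change suggested above, sketched as ASA CLI in the pre-8.3 syntax that the question's error message uses. This is an added example, not configuration from the original posts; port 8443, the 192.168.0.0/24 management network and the ACL name outside_access_in are assumptions.

```cisco
! Added example. Assumed values: 8443 (new ASDM port), 192.168.0.0/24
! (inside management network), outside_access_in (ACL name).

! Move the ASDM/HTTPS server off 443 so the port is free for static PAT
http server enable 8443

! Allow ASDM only from the inside network, not from the outside interface
http 192.168.0.0 255.255.255.0 inside

! The static PAT rule from the question, which can now reserve port 443
static (inside,outside) tcp interface 443 192.168.0.151 443 netmask 255.255.255.255

! Permit inbound HTTPS; add this entry to the ACL already applied to the
! outside interface (outside_access_in is an assumed name)
access-list outside_access_in extended permit tcp any interface outside eq 443
```

After the change, ASDM answers on port 8443 of the ASA's inside address, and `show running-config http` confirms the new port and the permitted management network.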
It sounds as though you may be creating a conflict with the 443 port reservation for your ASDM/HTTPS admin connection. If you've recently purchased the ASA5505 you may still fall within the included technical support that Cisco provides. If so, they are really good at getting people (at least me) past issues like this.
They'll ask for the SN number on the bottom of your device.
Edit: You could also turn off ASDM/HTTPS access and config over ssh or serial. That's where you'll probably head anyway once you get into administrating firewalls like this.