Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1883
Views
16
Helpful
6
Replies

RV345 Established Connections Question

Go to solution
BZ93213
Level 1
Level 1

‎05-01-2021 04:01 PM

Newbie here.  I have an RV345 router setup and noticed that under the established connections screen I see foreign IP addresses from Amazon connected to the WAN ip address of the router.  One has a status of close_wait and has been listed all day.  I have no ports open on the WAN side of the router, so I'm not sure why all these Amazon connections come and go.  Some times the status is established, which doesn't sit well with me.  I see no login attempts in the log files.  Just not sure exactly what is going on and what I should do about it. 

 

In the screenshot below, the 192.168.1.1 address is my PC.  Blacked out IP address is my WAN IP.

 

Any insight would be helpful.  Thanks for your time.

 

Router-Screenshot.JPG

 

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
kubn2
Level 1
Level 1

‎05-01-2021 04:24 PM

Hi,

 

These are basically connections that you've established from your network towards the Amazon website as the foreign port is 80 and 443. Local IP is WAN IP because you have NAT in place. So when you go from the computer in your network to amazon.com or any other amazon services you will see these connections pop up as you are establishing a connection towards amazon servers. Close_wait is in the situation when you are waiting for the final close message from the application. Established means that someone from your network has active session towards some amazon resources, on the screen I can see mostly www and https so it indicates that someone from your network going to amazon owned websites.

View solution in original post

Go to solution
Sheraz.Salim
VIP
VIP
In response to BZ93213

‎05-01-2021 05:06 PM - edited ‎05-01-2021 05:12 PM

I just did search on this public ip address the one is concerns you. Yes it in Japan and owned by Amazon. you can also check this on cisco talos

 

 

ec2-52-193-136-111.ap-northeast-1.compute.amazonaws.com

 

My Understanding is,

  • CLOSE_WAIT indicates that the remote endpoint (other side of the connection) has closed the connection.
  • TIME_WAIT indicates that local endpoint (this side) has closed the connection

 

you can clear the connection entries or create a access list rule to block this ip address.

here  find a link you can block this ip address with url

 

C:\Users\Family-PC>nslookup 52.193.136.111
Server: dns.google
Address: 8.8.8.8

Name: ec2-52-193-136-111.ap-northeast-1.compute.amazonaws.com
Address: 52.193.136.111

 

please do not forget to rate.

View solution in original post

6 Replies 6

Go to solution
kubn2
Level 1
Level 1

‎05-01-2021 04:24 PM

Hi,

 

These are basically connections that you've established from your network towards the Amazon website as the foreign port is 80 and 443. Local IP is WAN IP because you have NAT in place. So when you go from the computer in your network to amazon.com or any other amazon services you will see these connections pop up as you are establishing a connection towards amazon servers. Close_wait is in the situation when you are waiting for the final close message from the application. Established means that someone from your network has active session towards some amazon resources, on the screen I can see mostly www and https so it indicates that someone from your network going to amazon owned websites.

Go to solution
Sheraz.Salim
VIP
VIP
In response to kubn2

‎05-01-2021 04:36 PM

Just to add what @kubn2 there are many services which are hosted on Amazon for example Netflix etc so  yes it could be the services you running in your home/office router and it showing you the log entries of these Amazon ip address. Amazon is huge so it is excepted to see ip addresses of the services which are hosted by third parites.

please do not forget to rate.

Go to solution
BZ93213
Level 1
Level 1

‎05-01-2021 04:48 PM

Thank you @kubn2 and @Sheraz.Salim for your reply.  My main concern was the 52.193.136.111 address is an IP in Japan.  Just seemed weird to me and I wanted to make sure I didn't have a problem I needed to address.

 

If you don't mind my asking, all WAN incoming ports are closed off and I have router management access only turned on for LAN/VPN and have no VPNs configured.  Additionally router management access can only done from VLAN 1, my PC.  Is there any thing else I should make sure if configured to lock this router down?

 

Again, thank you both for your time.  Really appreciate it!

0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP
In response to BZ93213

‎05-01-2021 05:06 PM - edited ‎05-01-2021 05:12 PM

I just did search on this public ip address the one is concerns you. Yes it in Japan and owned by Amazon. you can also check this on cisco talos

 

 

ec2-52-193-136-111.ap-northeast-1.compute.amazonaws.com

 

My Understanding is,

  • CLOSE_WAIT indicates that the remote endpoint (other side of the connection) has closed the connection.
  • TIME_WAIT indicates that local endpoint (this side) has closed the connection

 

you can clear the connection entries or create a access list rule to block this ip address.

here  find a link you can block this ip address with url

 

C:\Users\Family-PC>nslookup 52.193.136.111
Server: dns.google
Address: 8.8.8.8

Name: ec2-52-193-136-111.ap-northeast-1.compute.amazonaws.com
Address: 52.193.136.111

 

please do not forget to rate.

Go to solution
BZ93213
Level 1
Level 1
In response to Sheraz.Salim

‎05-01-2021 05:20 PM

Just took a look at cisco talos and that is a nice tool.  Didn't know about that, appreciate it.

 

Also thanks for your time and the help.

0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP
In response to BZ93213

‎05-01-2021 05:24 PM

you are welcome. plese do not forget to mark the post if you find it helpful

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card