Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
607
Views
0
Helpful
3
Replies

All Cisco RV345 routers talking with 50.116.60.16 or 50.116.18.64

Go to solution
TiredITGuy
Level 1
Level 1

‎08-23-2021 12:12 PM

On a Cisco RV345, under Status and Statistics -> TCP/IP Services -> Established Connections Status there is communication  on all of our RV345 routers on the foreign port 443 with either 50.116.60.16 or 50.116.18.64. Apparently this is a cloud hosting company (Linode). Does anyone know what this is for?

 

I can only assume this is for Cisco updates. Doesn't seem to be a NTP or a DNS Server. Two routers seem to have a persistent connection.

 

Just curious,

AJ

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nagrajk1969
Spotlight
Spotlight

‎08-24-2021 06:38 PM

In case you are not using PnP service on your RV34X routers, try with disabling the PnP service (under System-Mgmnt page i guess). Maybe this may solve your issue. Also subsequently, just once, do apply/permanent-save-to-startup and reboot (especially after disabling pnp), and check again..and observe for a few days. Dont reboot again.

 

If the "foreign port" is 443, that means that some service on the RV345 is the https client and is connected to the remote https-server 50.116...16..

 

Generally the only services that this router itself would connect as a client to a remote-service is for PnP, Automatic-Software-Updates, and/or connecting to Cisco-Smart-Licensing server, or the Antivirus-signature-update, web-filtering-database update...ONLY. I maybe missing some other service that iam not aware of at this time...

 

 

 

 

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
marce1000
VIP
VIP

‎08-24-2021 12:25 AM

 

       - Can you examine the full logs for this network traffic on the RV , what is  the source-address ?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
nagrajk1969
Spotlight
Spotlight

‎08-24-2021 06:38 PM

In case you are not using PnP service on your RV34X routers, try with disabling the PnP service (under System-Mgmnt page i guess). Maybe this may solve your issue. Also subsequently, just once, do apply/permanent-save-to-startup and reboot (especially after disabling pnp), and check again..and observe for a few days. Dont reboot again.

 

If the "foreign port" is 443, that means that some service on the RV345 is the https client and is connected to the remote https-server 50.116...16..

 

Generally the only services that this router itself would connect as a client to a remote-service is for PnP, Automatic-Software-Updates, and/or connecting to Cisco-Smart-Licensing server, or the Antivirus-signature-update, web-filtering-database update...ONLY. I maybe missing some other service that iam not aware of at this time...

 

 

 

 

 

0 Helpful

Go to solution
TiredITGuy
Level 1
Level 1
In response to nagrajk1969

‎08-24-2021 11:32 PM

Thank you marce1000 and nagrajik1969 for your response.

 

I already have PnP disabled for all the routers. I pulled the full report (down to the level of debugging) from three of the routers and I couldn't find any communication to the previous public IPs. However, the reports are limited to a couple of hours before they rewrite. I tried triggering an update check to see if those IPs would appear (they didn't). The source IP is our public IP address, not an internal IP.

 

I believe you are correct that the routers are sometimes connecting to a Cisco service, such as the Cisco-Smart-Licensing server  or Cisco Umbrella. Just curious if someone knew...

 

Thanks again

0 Helpful
Customers Also Viewed These Support Documents