I have two ports 80 and 443 that come out as open when I scan my outside interface.
I have not NATted anything at all from the outside interface IP to anywhere (all it does is an overload NAT), but I NATted from routable IPs that I have to the same interface on ports 80 and 443, although obviously those IPs are not the same IP as the outside interface IP.
I checked the show udp (other than 18999, which is a Cisco bug)
and show tcp brief (other than the mgmt int, which is on a different local subnet);
nothing came up, it's not listening to anything.
Output of show ip nat trans:
the outside interface IP has no translations from 80 or 443 (they are all overload NAT translations).
One way to close them is to put an ACL, but I want to find out why those 2 ports were open in the first place?!
I can telnet to those ports and they came out as open on the port scanner as well.
Possibly there is an active connection to the outside using 80 or 443?
Try and block one of these ports with the command:
ip nat settings interface-overload block port
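As an added illustration (constructed for this thread, not the reply author's configuration and not taken from Cisco documentation), the following IOS snippet shows the two ways of closing the ports that come up in this thread: an inbound ACL on the outside interface that drops connections to the interface's own address on 80/443, and the interface-overload block command from the reply above. The interface name and the 198.51.100.0/24 addresses are placeholders; the port argument on the block command is an assumption about its syntax, since the reply quotes the command without one.

```cisco
! Constructed example: interface name and addresses are placeholders, not from the thread
ip access-list extended OUTSIDE-IN
 remark Drop connections aimed at the outside interface's own address on 80/443
 deny   tcp any host 198.51.100.10 eq 80
 deny   tcp any host 198.51.100.10 eq 443
 remark Static NATs to the other routable IPs (e.g. 198.51.100.20) are unaffected:
 remark an inbound ACL is evaluated before outside-to-inside NAT, and those
 remark packets are addressed to the routable IPs, not to 198.51.100.10
 permit ip any any
!
interface GigabitEthernet0/0
 description Outside
 ip address 198.51.100.10 255.255.255.0
 ip nat outside
 ip access-group OUTSIDE-IN in
!
! Alternative from the reply above; the "<port>" argument form is assumed here
ip nat settings interface-overload block port 80
ip nat settings interface-overload block port 443
!
! Checks after applying either change:
!   show access-lists OUTSIDE-IN      (deny counters increment when the ports are probed)
!   show ip nat translations          (no translations for the interface IP on 80/443)
```

The ACL only affects packets whose destination is the interface address itself, so the static NATs for the other routable IPs and the return traffic of overload sessions (which arrives on the ports the PAT engine allocated) keep working; a quick external connect test after the change confirms the two ports no longer answer.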
Hello @George-Sl,
you can have an HTTP server and HTTPS server running for management purposes, and this could explain why the ports are open.
Hope to help
show run | inc http
no ip http server
no ip http secure-server
Besides, I said I ran the show tcp brief
and nothing shows up other than one connection from my management interface
on port 22 on a different interface (mgmt interface/mgmt VRF) on a different IP.