cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1041
Views
10
Helpful
3
Replies

Open Ports On my ASR 1000

George-Sl
Level 1
Level 1

I have two ports 80 and 443 that come out as open when I scan my outside interface.
I have not nat anything at all from the outside interface ip to anywhere(all it does is just an overload NAT), but I Natted from routable IPs that I have to the same interface on ports 80 443 but obviously those ips are not the same IP as the outside interface IP.
I checked the show udp(other than 18999 which is a cisco bug)
and show tcp brief(other than the mgmt int which is on a different local subnet)
nothing came up, it’s not listening to anything
Output of show ip nat trans
outside interface ip has no translations from 80 or 443(they are all overload nat translations)
One way to close them is to put an ACL, but I want to find out why those 2 ports had opened at the first place?!
I can telnet to those ports and they came out open on port scanner as well

3 Replies 3

Hello,

 

possibly there is an active connection to the outside using 80 or 443 ?

 

Try and block one of these ports with the command:

 

ip nat settings interface-overload block port 

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello @George-Sl ,

you can have an http server and https server running for management purposes and this could explain why the ports are open.

 

Hope to help

Giuseppe

 

show run | inc http

no ip http server

no ip http secure-server

 

besides I said I ran the show tcp brief

and nothing shows up other than one connection from my management interface

on port 22 on a different interface(mgmt interface/mgmt vrf) on a different IP.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: