Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Disturbing Traffic from ASA

We have an ASA that has a private IP on the outside interface (, and it's NATed to a public IP at the Internet router. While troubleshooting a problem, we looked at the NAT translations at the Internet router and saw the following for the ASA:

tcp x.x.x.251:443
tcp x.x.x.251:443
tcp x.x.x.251:443
udp x.x.x.251:443
tcp x.x.x.251:25941
tcp x.x.x.251:27288
tcp x.x.x.251:39315
tcp x.x.x.251:46456
tcp x.x.x.251:57384
tcp x.x.x.251:60003
tcp x.x.x.251:60623
tcp x.x.x.251:63408

The ASA accepts SSL VPN connections, so traffic to 443 on the ASA is understandable. However, no outbound traffic is NATed to the outside Interface of the ASA, so I was surprised to see traffic from the ASA to a few different public IPs on ports 80 and 1973. Does anyone know what these might be for? Thanks


Cisco Employee

Hi,I would recommend checking


I would recommend checking the connection information from the ASA device simultaneously using this command:- show conn all and then finding the IP addresses which it seems to be creating the connections to.

Do you have any Botnet filter enabled ?

Thanks and Regards,

Vibhor Amrodia

New Member

I'll have to check on this

I'll have to check on this periodically. Right now, the only connections shown are my ssh and a handful of SSL VPN connections. Thanks for the assistance.


CreatePlease to create content