I have the following issue on a Cisco 7201 Internet-facing router:
TCP port 21 is open all the time and nothing stops it from staying open. There is no service started which keeps this port open, and there is also an inbound ACL, assigned on the outside interface, which filters everything except SSH from particular outside addresses... TCP port 21 stays open no matter what I do; no matter if I explicitly deny all traffic to this port, Nmap finds it open. Furthermore, I tried to open a raw session to this port and, according to Wireshark, the three-way handshake passed perfectly well; then I was able to send strings which the router successfully indicated as received with the ACK bit, etc.
show tcp brief does not show this activity, there is no process related to FTP which is started, there is an ACL which explicitly denies any traffic from any source to TCP port 21... nothing helps. It stays open all the time.
One more thing... the exact same behaviour is observed on a Cisco 2811 Internet-facing router. Nothing helps here either.
I find this a disturbing issue; please help me with some ideas.
Thank you for the response! Actually, before posting here, I had already taken care of the ACL and had denied the FTP traffic to check whether it would work... It didn't work.
By the way, after some additional investigation, I found that the problem is not on the router I've configured - it is on the upstream provider whose PA IP address space my router (and the network behind it) is using. I mentioned another router (Cisco 2811) which experiences the same problem - the case here is the same, the provider is the same, and obviously he has configured some kind of erroneous forwarding to TCP port 21. For example, when trying to reach the FTP port on any nonexistent (still unassigned) IP located behind the network of the provider, it opens an FTP session every time...
I'm definitely considering changing the provider! I'm trying to avoid thinking about what other problems and misconfigurations he could have introduced in his "network" :-(
Anyway, thank you once again for the answer, I appreciate this!
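The triage the poster ended up doing by hand (probe TCP/21 on the router and on addresses in the provider's block that nobody has been assigned; if the unassigned addresses also complete the handshake, the SYN-ACK is answered upstream and no ACL on the router can affect it) can be scripted. This is an added example, not code from the thread; the addresses are constructed RFC 5737 documentation values and the `connect` callback is injectable so the logic can be exercised without a network.

```python
"""Decide whether an 'open' TCP/21 belongs to the router itself or to
something upstream that answers on the router's behalf.

Logic taken from the thread: an ACL on the router cannot close a port
whose SYN never reaches the router, so probe addresses that are known
to be unassigned as a control group.
"""
import socket
from typing import Callable, Dict, Iterable

# Constructed sample addresses (RFC 5737 documentation range), not real hosts.
ROUTER_IP = "203.0.113.1"
UNASSIGNED_IPS = ["203.0.113.250", "203.0.113.251"]


def real_connect(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if the TCP three-way handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def triage(router: str, unassigned: Iterable[str], port: int = 21,
           connect: Callable[[str, int], bool] = real_connect) -> Dict[str, object]:
    """Probe the router and the control addresses and classify the result.

    `connect` defaults to a real TCP connect; pass a fake for offline use.
    """
    router_open = connect(router, port)
    # Addresses that should answer nothing but still accept the handshake.
    ghosts = [ip for ip in unassigned if connect(ip, port)]
    if ghosts:
        verdict = "upstream-interception"  # provider answers for IPs nobody owns
    elif router_open:
        verdict = "router-service"         # only the router itself answers
    else:
        verdict = "closed"
    return {"router_open": router_open, "ghost_hosts": ghosts, "verdict": verdict}


if __name__ == "__main__":
    # Against real targets this blocks up to `timeout` seconds per host.
    print(triage(ROUTER_IP, UNASSIGNED_IPS))
```

A verdict of `upstream-interception` means the evidence the poster saw (Nmap reports open, show tcp brief shows nothing, deny ACL has no effect) is explained without any service on the router, and the provider is the right place to raise it.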