Port 1720 is used for gatekeeper communication using the RAS protocol. Port 5060 is used by SIP. Sounds like you're running voice on your network. If so, these ports could be open for a reason. You may want to investigate the reason before closing the ports. Are the ports open to/from specific hosts? Feel free to post your config if you need further help.
You can disable the router listening on port 5060 by issuing this command:
router(config-sip-ua)#no transport tcp
router(config-sip-ua)#no transport udp
For port 1720, you must configure an Access Control List (ACL), as shown:
Router(config)#access-list 107 deny tcp any any eq 1720
Router(config-if)#ip access-group 107 in
The reason the router listens on port 1720 is likely that you are using an IP PLUS feature set Cisco IOS image.
IP PLUS supports VoIP. It always has a default VoIP dial-peer (dial-peer 0). This listens on port 1720 for H.323 signaling. This behavior cannot be changed since the H.323 stack always runs with this feature set. If you do not want to use an ACL to control this behavior, you can use a feature set that does not support VoIP, such as an IP feature set.
To disable SIP, you need to upgrade to 12.3(8)T or later.
Introduction: The "external-out enable" command is available for
configuration under the "router ospf process" in case of the IOS-XR
operating system. This command basically enables advertisement of
intra-area routes on the device as external routes in th...
IntroductionIn this article we'll discuss how to troubleshoot packet
loss in the asr9000 and specifically understanding the NP drop counters,
what they mean and what you can do to mitigate them. This document will
be an ongoing effort to improve troublesh...