securing ports in nat

aaroncward2
Level 1

I have a site that is connected to the internet via T1 into a 2811 running C2800NM-ADVENTERPRISEK9-M, Version 12.4(11)X. I have noticed that when I do a port scan on the outside NAT pool I see well-known ports in the closed state, i.e. 7, 21, 22, 23, 25, 99, 100, 80, 443. These pools are for end users to access the internet. Does this pose a security risk? What can I change to provide end users access to the web but not leave these well-known ports open?


6 Replies

John Blakley
VIP Alumni

I may not understand your question, but if the port is closed then that's OK. There's no security risk if the port is closed, and how the scanner reports back depends on the scanner you're using and the options it was run with. What are you using to scan?

HTH, John *** Please rate all useful posts ***

I am using the SolarWinds port scanner built into the Engineer's Toolkit.

Nandan Mathure
Level 1

@aaron ward

Do you mean that when you scanned from outside you couldn't see the mentioned ports as open?

If yes, then that is normal behavior for dynamic NAT to function, as an entry is created only when an active connection is established from "Inside" to "Outside". So traffic originating from outside will have no chance to come in, and hence you are observing the ports to be closed.

Please let me know if this is what you wanted to know.

I am scanning the external IP addresses from the outside and they are showing up as "closed". Most of the IP addresses show "not responding".

@aaron ward (Accepted Solution)

Then in that case it is correct behavior, as it creates a state-table kind of translation table only when traffic is originated inside. All the outside-originated traffic trying to come inside will be blocked. Only if you have any static NAT configured for servers hosted in the environment (highly unlikely without a firewall appliance these days) will you see the scan showing open results.

If the inside users are using the web as desired, then all looks good from what you say.

Please let me know if this was useful.
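The behavior described in the two replies above (a translation entry exists only for inside-originated flows, unsolicited outside packets have nothing to match and are dropped, and a static NAT entry is the one thing that makes a port reachable from outside) can be modelled in a few lines. The following is an added example written for this thread, not code from any of the posters or from Cisco IOS; the addresses (TEST-NET ranges), host names, the simplified packet tuple, and the single-address overload pool are constructed assumptions for illustration. It also shows the difference between a port that does not respond (no translation, packet dropped), one that is closed (forwarded via static NAT to a host with nothing listening), and one that is open.

```python
"""Stateful PAT (NAT overload) model: why an outside scan of a NAT pool
address finds nothing, and why a static NAT entry changes that.

Added example for this thread, not code from the original posts or from
Cisco IOS. Addresses, host names and the packet tuple are assumptions.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class InsideHost:
    ip: str
    listening: frozenset  # TCP ports with a service bound


@dataclass
class PatRouter:
    global_ip: str                                  # inside-global (pool) address, assumed single-address overload
    hosts: dict = field(default_factory=dict)       # inside local IP -> InsideHost
    static_nat: dict = field(default_factory=dict)  # global port -> (local_ip, local_port)
    table: dict = field(default_factory=dict)       # extended entry key -> (local_ip, local_port)
    next_port: int = 1024

    def inside_to_outside(self, pkt: Packet) -> Packet:
        """Inside-originated traffic creates an extended translation entry."""
        gport = self.next_port
        self.next_port += 1
        # The key includes the outside peer: only that peer's replies match it.
        self.table[(gport, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.global_ip, gport, pkt.dst_ip, pkt.dst_port)

    def outside_to_inside(self, pkt: Packet):
        """Return (local_ip, local_port) the packet is forwarded to, or None if dropped."""
        if pkt.dst_ip != self.global_ip:
            return None
        if pkt.dst_port in self.static_nat:      # static NAT: always forwarded inside
            return self.static_nat[pkt.dst_port]
        key = (pkt.dst_port, pkt.src_ip, pkt.src_port)
        return self.table.get(key)               # only genuine return traffic matches


def scan(router: PatRouter, scanner_ip: str, ports) -> dict:
    """SYN-scan the pool address from outside and classify each port the way
    a scanner would: no reply, RST (closed) or SYN-ACK (open)."""
    results = {}
    for port in ports:
        target = router.outside_to_inside(Packet(scanner_ip, 40000 + port, router.global_ip, port))
        if target is None:
            results[port] = "no response"        # no translation: the packet is dropped
        else:
            local_ip, local_port = target
            results[port] = "open" if local_port in router.hosts[local_ip].listening else "closed"
    return results


def demo() -> tuple:
    r = PatRouter(global_ip="203.0.113.10")                                 # constructed pool address
    r.hosts["10.1.1.50"] = InsideHost("10.1.1.50", frozenset())             # user PC, nothing listening
    r.hosts["10.1.1.80"] = InsideHost("10.1.1.80", frozenset({80, 443}))    # hosted web server
    ports = [7, 21, 22, 23, 25, 80, 443]

    # A user browses out: an entry is created for that one flow only.
    out = r.inside_to_outside(Packet("10.1.1.50", 51000, "198.51.100.5", 443))
    before = scan(r, "192.0.2.9", ports)

    # The real peer's reply matches the entry; a scanner aiming at the same global port does not.
    peer_reply = r.outside_to_inside(Packet("198.51.100.5", 443, r.global_ip, out.src_port))
    scanner_hit = r.outside_to_inside(Packet("192.0.2.9", 443, r.global_ip, out.src_port))

    # Add static NAT for the server: 80 now shows open, 22 shows closed, the rest still silent.
    r.static_nat[80] = ("10.1.1.80", 80)
    r.static_nat[22] = ("10.1.1.80", 22)
    after = scan(r, "192.0.2.9", ports)
    return before, peer_reply, scanner_hit, after


if __name__ == "__main__":
    labels = ("dynamic-only scan", "peer reply", "scanner on same global port", "scan with static NAT")
    for label, value in zip(labels, demo()):
        print(label, "->", value)
```

On a real IOS router the equivalent check is `show ip nat translations`: with only dynamic/overload NAT configured, every entry listed is one an inside host opened, and a port that shows "closed" or "not responding" to an outside scanner with no static entry is behaving as the model above predicts.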

OK, just wanted to be sure. Thanks!
