Open specific ports on ASA5505 for backup appliance

We have installed a Barracuda Backup appliance inside our network protected by a Cisco ASA5505 firewall.  Per Barracuda:

Ports 80/443 and 1194 outbound for both TCP and UDP are required for communication while ports 5120-5129 are used to replicate data to Barracuda Cloud Storage

I have an SBS 2008 Server inhouse so I presume 80/443 are open, however, I need to open ports 1194 and 5120-5129, as the appliance cannot talk to Barracuda at all.  I put old firewall in and was able to activate backup appliance but once put ASA firewall back in, backup appliance stops communicating to Barracuda.

I have access through ASDM or Putty.  I have figured out how to log into ASA5505 via Putty but unsure what to do after that.  ASDM is confusing.

Can anyone provide me with commands to open these ports via Putty or directions to do so through ASDM?  I know how to do this on other firewalls, but this ASA5505 escapes me.
John SteeleAsked:
Who is Participating?
 
James HIT DirectorCommented:
All you have to do is log into ASDM and click on Configuration and create an ACL for those ports under "Access Rules" on the "inside"

You can either click on the "inside" and select "add" on the top menu button and it will start the process of adding an ACL, from there you will do the following:
1. Specify the IP address of the appliance as the source
2. Destination is either "any", a specific IP or an IP range/group.
3. Service are the ports you are looking to permit, from here click on the elipsis button (3 dots on the right of the box) and it will open another window with knows ports and services. From here you will add the appropriate group (TCP, TCP/UDP, or IP based on your needs). Once the group is created, you can then add those ports into this group and when you are done just select that group as the "service" you are looking for.

Click OK all the way through and the ACL is created. To verify traffic, just click on the "Monitoring" button and click on "logging" on the bottom left. From there, click on the "view" button and a logging window will appear. Now just type the IP address of your appliance in the "filter by:" box and click on "Filter". Now you will only see the traffic from your appliance and from here you can verify if there are any rules blocking traffic.
0
 
John SteeleAuthor Commented:
Ok, I did that.  Added Access Rule, selected Interface "inside", specified appliance as source, added new Service with ports I need.  Once I apply it, all internet traffic stopped.  Couldn't get on the web, couldn't check email, etc.  I deleted the rule and the internet and email came back.  I am pretty sure I followed your directions correctly.  Tried it twice.  Same results.
0
 
John SteeleAuthor Commented:
wouldn't it be interface "outside"?  Looking at the existing SBS rules, they are all under "outside"...???
0
Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

 
James HIT DirectorCommented:
Can you post a screenshot of what you are doing?
Outside is only to be used if you are "hosting" something, SBS for instance needs outside rules for Exchange/OWA, Remote desktop if you use those services.
0
 
John SteeleAuthor Commented:
ASDMPic.jpgThis is what it looks like with rule setup as outside.  My barracuda apparently turned off during power outage so I have to run over to site to turn it back on.  So have not been able to test this yet.
0
 
James HIT DirectorCommented:
Here is how I have it configured....

Barracuda config example
0
 
John SteeleAuthor Commented:
Third time was a charm.  Thank you for your help.
0
 
James HIT DirectorCommented:
Glad it worked out.
0
 
John SteeleAuthor Commented:
Hey Spartan-Thank you very much for such a quick response to my question.  You are appreciated!!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.