Solved

Open specific ports on ASA5505 for backup appliance

Posted on 2015-02-18
9
351 Views
Last Modified: 2015-02-19
We have installed a Barracuda Backup appliance inside our network protected by a Cisco ASA5505 firewall.  Per Barracuda:

Ports 80/443 and 1194 outbound for both TCP and UDP are required for communication while ports 5120-5129 are used to replicate data to Barracuda Cloud Storage

I have an SBS 2008 Server inhouse so I presume 80/443 are open, however, I need to open ports 1194 and 5120-5129, as the appliance cannot talk to Barracuda at all.  I put old firewall in and was able to activate backup appliance but once put ASA firewall back in, backup appliance stops communicating to Barracuda.

I have access through ASDM or Putty.  I have figured out how to log into ASA5505 via Putty but unsure what to do after that.  ASDM is confusing.

Can anyone provide me with commands to open these ports via Putty or directions to do so through ASDM?  I know how to do this on other firewalls, but this ASA5505 escapes me.
0
Comment
Question by:John Steele
  • 5
  • 4
9 Comments
 
LVL 17

Accepted Solution

by:
Spartan_1337 earned 500 total points
ID: 40616842
All you have to do is log into ASDM and click on Configuration and create an ACL for those ports under "Access Rules" on the "inside"

You can either click on the "inside" and select "add" on the top menu button and it will start the process of adding an ACL, from there you will do the following:
1. Specify the IP address of the appliance as the source
2. Destination is either "any", a specific IP or an IP range/group.
3. Service are the ports you are looking to permit, from here click on the elipsis button (3 dots on the right of the box) and it will open another window with knows ports and services. From here you will add the appropriate group (TCP, TCP/UDP, or IP based on your needs). Once the group is created, you can then add those ports into this group and when you are done just select that group as the "service" you are looking for.

Click OK all the way through and the ACL is created. To verify traffic, just click on the "Monitoring" button and click on "logging" on the bottom left. From there, click on the "view" button and a logging window will appear. Now just type the IP address of your appliance in the "filter by:" box and click on "Filter". Now you will only see the traffic from your appliance and from here you can verify if there are any rules blocking traffic.
0
 

Author Comment

by:John Steele
ID: 40616980
Ok, I did that.  Added Access Rule, selected Interface "inside", specified appliance as source, added new Service with ports I need.  Once I apply it, all internet traffic stopped.  Couldn't get on the web, couldn't check email, etc.  I deleted the rule and the internet and email came back.  I am pretty sure I followed your directions correctly.  Tried it twice.  Same results.
0
 

Author Comment

by:John Steele
ID: 40616985
wouldn't it be interface "outside"?  Looking at the existing SBS rules, they are all under "outside"...???
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 17

Expert Comment

by:Spartan_1337
ID: 40617228
Can you post a screenshot of what you are doing?
Outside is only to be used if you are "hosting" something, SBS for instance needs outside rules for Exchange/OWA, Remote desktop if you use those services.
0
 

Author Comment

by:John Steele
ID: 40617419
ASDMPic.jpgThis is what it looks like with rule setup as outside.  My barracuda apparently turned off during power outage so I have to run over to site to turn it back on.  So have not been able to test this yet.
0
 
LVL 17

Expert Comment

by:Spartan_1337
ID: 40617747
Here is how I have it configured....

Barracuda config example
0
 

Author Closing Comment

by:John Steele
ID: 40619067
Third time was a charm.  Thank you for your help.
0
 
LVL 17

Expert Comment

by:Spartan_1337
ID: 40619125
Glad it worked out.
0
 

Author Comment

by:John Steele
ID: 40619254
Hey Spartan-Thank you very much for such a quick response to my question.  You are appreciated!!
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Setting up a VPN 60 183
ISP Change 14 63
ASA5510 Blocking a Wanted Website/Host 9 26
What is the VPn crypto table on a Cisco ASA? 2 17
If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question