Open specific ports on ASA5505 for backup appliance

Posted on 2015-02-18
Last Modified: 2015-02-19
We have installed a Barracuda Backup appliance inside our network protected by a Cisco ASA5505 firewall.  Per Barracuda:

Ports 80/443 and 1194 outbound for both TCP and UDP are required for communication while ports 5120-5129 are used to replicate data to Barracuda Cloud Storage

I have an SBS 2008 Server inhouse so I presume 80/443 are open, however, I need to open ports 1194 and 5120-5129, as the appliance cannot talk to Barracuda at all.  I put old firewall in and was able to activate backup appliance but once put ASA firewall back in, backup appliance stops communicating to Barracuda.

I have access through ASDM or Putty.  I have figured out how to log into ASA5505 via Putty but unsure what to do after that.  ASDM is confusing.

Can anyone provide me with commands to open these ports via Putty or directions to do so through ASDM?  I know how to do this on other firewalls, but this ASA5505 escapes me.
Question by:John Steele
  • 5
  • 4
LVL 17

Accepted Solution

Spartan_1337 earned 500 total points
ID: 40616842
All you have to do is log into ASDM and click on Configuration and create an ACL for those ports under "Access Rules" on the "inside"

You can either click on the "inside" and select "add" on the top menu button and it will start the process of adding an ACL, from there you will do the following:
1. Specify the IP address of the appliance as the source
2. Destination is either "any", a specific IP or an IP range/group.
3. Service are the ports you are looking to permit, from here click on the elipsis button (3 dots on the right of the box) and it will open another window with knows ports and services. From here you will add the appropriate group (TCP, TCP/UDP, or IP based on your needs). Once the group is created, you can then add those ports into this group and when you are done just select that group as the "service" you are looking for.

Click OK all the way through and the ACL is created. To verify traffic, just click on the "Monitoring" button and click on "logging" on the bottom left. From there, click on the "view" button and a logging window will appear. Now just type the IP address of your appliance in the "filter by:" box and click on "Filter". Now you will only see the traffic from your appliance and from here you can verify if there are any rules blocking traffic.

Author Comment

by:John Steele
ID: 40616980
Ok, I did that.  Added Access Rule, selected Interface "inside", specified appliance as source, added new Service with ports I need.  Once I apply it, all internet traffic stopped.  Couldn't get on the web, couldn't check email, etc.  I deleted the rule and the internet and email came back.  I am pretty sure I followed your directions correctly.  Tried it twice.  Same results.

Author Comment

by:John Steele
ID: 40616985
wouldn't it be interface "outside"?  Looking at the existing SBS rules, they are all under "outside"...???
LVL 17

Expert Comment

ID: 40617228
Can you post a screenshot of what you are doing?
Outside is only to be used if you are "hosting" something, SBS for instance needs outside rules for Exchange/OWA, Remote desktop if you use those services.
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!


Author Comment

by:John Steele
ID: 40617419
ASDMPic.jpgThis is what it looks like with rule setup as outside.  My barracuda apparently turned off during power outage so I have to run over to site to turn it back on.  So have not been able to test this yet.
LVL 17

Expert Comment

ID: 40617747
Here is how I have it configured....

Barracuda config example

Author Closing Comment

by:John Steele
ID: 40619067
Third time was a charm.  Thank you for your help.
LVL 17

Expert Comment

ID: 40619125
Glad it worked out.

Author Comment

by:John Steele
ID: 40619254
Hey Spartan-Thank you very much for such a quick response to my question.  You are appreciated!!

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VPN tunnel up, but no pings or remote resource access 13 95
Cisco Supervisor upgrade to 2T 3 44
Cisco RSTP portfast 3 49
What are acceptable WiFi signal strengths 6 54
When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Delivering innovative fully-managed cloud services for mission-critical applications requires expertise in multiple areas plus vision and commitment. Meet a few of the people behind the quality services of Concerto.

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now