Open specific ports on ASA5505 for backup appliance

Posted on 2015-02-18
Last Modified: 2015-02-19
We have installed a Barracuda Backup appliance inside our network protected by a Cisco ASA5505 firewall.  Per Barracuda:

Ports 80/443 and 1194 outbound for both TCP and UDP are required for communication while ports 5120-5129 are used to replicate data to Barracuda Cloud Storage

I have an SBS 2008 Server inhouse so I presume 80/443 are open, however, I need to open ports 1194 and 5120-5129, as the appliance cannot talk to Barracuda at all.  I put old firewall in and was able to activate backup appliance but once put ASA firewall back in, backup appliance stops communicating to Barracuda.

I have access through ASDM or Putty.  I have figured out how to log into ASA5505 via Putty but unsure what to do after that.  ASDM is confusing.

Can anyone provide me with commands to open these ports via Putty or directions to do so through ASDM?  I know how to do this on other firewalls, but this ASA5505 escapes me.
Question by:John Steele
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
LVL 17

Accepted Solution

James H earned 500 total points
ID: 40616842
All you have to do is log into ASDM and click on Configuration and create an ACL for those ports under "Access Rules" on the "inside"

You can either click on the "inside" and select "add" on the top menu button and it will start the process of adding an ACL, from there you will do the following:
1. Specify the IP address of the appliance as the source
2. Destination is either "any", a specific IP or an IP range/group.
3. Service are the ports you are looking to permit, from here click on the elipsis button (3 dots on the right of the box) and it will open another window with knows ports and services. From here you will add the appropriate group (TCP, TCP/UDP, or IP based on your needs). Once the group is created, you can then add those ports into this group and when you are done just select that group as the "service" you are looking for.

Click OK all the way through and the ACL is created. To verify traffic, just click on the "Monitoring" button and click on "logging" on the bottom left. From there, click on the "view" button and a logging window will appear. Now just type the IP address of your appliance in the "filter by:" box and click on "Filter". Now you will only see the traffic from your appliance and from here you can verify if there are any rules blocking traffic.

Author Comment

by:John Steele
ID: 40616980
Ok, I did that.  Added Access Rule, selected Interface "inside", specified appliance as source, added new Service with ports I need.  Once I apply it, all internet traffic stopped.  Couldn't get on the web, couldn't check email, etc.  I deleted the rule and the internet and email came back.  I am pretty sure I followed your directions correctly.  Tried it twice.  Same results.

Author Comment

by:John Steele
ID: 40616985
wouldn't it be interface "outside"?  Looking at the existing SBS rules, they are all under "outside"...???
What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

LVL 17

Expert Comment

by:James H
ID: 40617228
Can you post a screenshot of what you are doing?
Outside is only to be used if you are "hosting" something, SBS for instance needs outside rules for Exchange/OWA, Remote desktop if you use those services.

Author Comment

by:John Steele
ID: 40617419
ASDMPic.jpgThis is what it looks like with rule setup as outside.  My barracuda apparently turned off during power outage so I have to run over to site to turn it back on.  So have not been able to test this yet.
LVL 17

Expert Comment

by:James H
ID: 40617747
Here is how I have it configured....

Barracuda config example

Author Closing Comment

by:John Steele
ID: 40619067
Third time was a charm.  Thank you for your help.
LVL 17

Expert Comment

by:James H
ID: 40619125
Glad it worked out.

Author Comment

by:John Steele
ID: 40619254
Hey Spartan-Thank you very much for such a quick response to my question.  You are appreciated!!

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question