Solved

Open specific ports on ASA5505 for backup appliance

Posted on 2015-02-18
Last Modified: 2015-02-19
We have installed a Barracuda Backup appliance inside our network protected by a Cisco ASA5505 firewall.  Per Barracuda:

Ports 80/443 and 1194 outbound for both TCP and UDP are required for communication while ports 5120-5129 are used to replicate data to Barracuda Cloud Storage

I have an SBS 2008 Server in-house so I presume 80/443 are open, however, I need to open ports 1194 and 5120-5129, as the appliance cannot talk to Barracuda at all.  I put the old firewall in and was able to activate the backup appliance, but once I put the ASA firewall back in, the backup appliance stops communicating with Barracuda.

I have access through ASDM or Putty.  I have figured out how to log into the ASA5505 via Putty but am unsure what to do after that.  ASDM is confusing.

Can anyone provide me with commands to open these ports via Putty or directions to do so through ASDM?  I know how to do this on other firewalls, but this ASA5505 escapes me.
Question by:John Steele
 
LVL 17

Accepted Solution

by:
Spartan_1337 earned 500 total points
ID: 40616842
All you have to do is log into ASDM, click on Configuration, and create an ACL for those ports under "Access Rules" on the "inside".

You can either click on the "inside" and select "add" on the top menu button and it will start the process of adding an ACL. From there you will do the following:
1. Specify the IP address of the appliance as the source.
2. Destination is either "any", a specific IP or an IP range/group.
3. Service is the ports you are looking to permit. From here click on the ellipsis button (3 dots on the right of the box) and it will open another window with known ports and services. From here you will add the appropriate group (TCP, TCP/UDP, or IP based on your needs). Once the group is created, you can then add those ports into this group, and when you are done just select that group as the "service" you are looking for.

Click OK all the way through and the ACL is created. To verify traffic, just click on the "Monitoring" button and click on "logging" on the bottom left. From there, click on the "view" button and a logging window will appear. Now just type the IP address of your appliance in the "filter by:" box and click on "Filter". Now you will only see the traffic from your appliance and from here you can verify if there are any rules blocking traffic.
0
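A CLI (PuTTY) equivalent of the ASDM steps in the accepted answer, added here as an example and not posted by either participant. Once any access list is bound to the inside interface, its implicit deny replaces the ASA's default allowance for inside-to-outside traffic, so the rule set ends with an explicit permit to avoid the kind of outage reported later in this thread. Assumptions: 192.0.2.10 stands in for the appliance's address, 203.0.113.50 for a Barracuda destination, inside_access_in is the access-list name, ports 5120-5129 are TCP, and the interface is named inside.

```cisco
! Added example. Placeholders: 192.0.2.10 = backup appliance,
! 203.0.113.50 = a Barracuda destination, inside_access_in = ACL name.

! 1. Check whether an ACL is already bound to the inside interface.
!    If one is listed, add the permit lines to that ACL instead.
show running-config access-group

configure terminal
! 2. Appliance-specific outbound rules (TCP and UDP 1194, replication range).
access-list inside_access_in extended permit tcp host 192.0.2.10 any eq 1194
access-list inside_access_in extended permit udp host 192.0.2.10 any eq 1194
access-list inside_access_in extended permit tcp host 192.0.2.10 any range 5120 5129
! 3. Keep the outbound access every other inside host had before the ACL
!    existed; without this line the implicit deny drops web and mail traffic.
access-list inside_access_in extended permit ip any any
! 4. Bind the ACL inbound on the inside interface.
access-group inside_access_in in interface inside
end

! 5. Verify: per-line hit counters, then a simulated packet from the appliance.
show access-list inside_access_in
packet-tracer input inside tcp 192.0.2.10 1025 203.0.113.50 1194
! 6. Save only after packet-tracer reports the flow as allowed.
write memory
```

The final `permit ip any any` only reproduces the behaviour the inside interface had with no ACL; it can be narrowed to the protocols the site needs once the appliance is confirmed working.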
 

Author Comment

by:John Steele
ID: 40616980
Ok, I did that.  Added Access Rule, selected Interface "inside", specified appliance as source, added new Service with ports I need.  Once I apply it, all internet traffic stopped.  Couldn't get on the web, couldn't check email, etc.  I deleted the rule and the internet and email came back.  I am pretty sure I followed your directions correctly.  Tried it twice.  Same results.
0
 

Author Comment

by:John Steele
ID: 40616985
Wouldn't it be interface "outside"?  Looking at the existing SBS rules, they are all under "outside"...???
0
 
LVL 17

Expert Comment

by:Spartan_1337
ID: 40617228
Can you post a screenshot of what you are doing?
Outside is only to be used if you are "hosting" something, SBS for instance needs outside rules for Exchange/OWA, Remote desktop if you use those services.
0
 

Author Comment

by:John Steele
ID: 40617419
ASDMPic.jpg

This is what it looks like with rule setup as outside.  My barracuda apparently turned off during power outage so I have to run over to site to turn it back on.  So have not been able to test this yet.
0
 
LVL 17

Expert Comment

by:Spartan_1337
ID: 40617747
Here is how I have it configured....

Barracuda config example
0
 

Author Closing Comment

by:John Steele
ID: 40619067
Third time was a charm.  Thank you for your help.
0
 
LVL 17

Expert Comment

by:Spartan_1337
ID: 40619125
Glad it worked out.
0
 

Author Comment

by:John Steele
ID: 40619254
Hey Spartan - Thank you very much for such a quick response to my question.  You are appreciated!!
0
