Firewall Access Rules issue with Connectwise Automate

mmatheus96 · ‎07-16-2021

Good day,

Please I need your support on the following issue:-

We have an existing ASA 5510, installed our ConnectWise remote management tool but the agent is unable to communicate outside.

We're also inexperienced with Cisco so any help would be appreciated.

I'm leaving attached a log file just in case.

Thanks,

Marlon.

Rob Ingram · ‎07-16-2021

@mmatheus96

What is the source IP address and what protocols does this connectwise application use?

I can see in the logs that outbound DNS requests are being blocked, so if connectwise is doing a DNS lookup then that might explain why it is failing.

Amend your ACL "inside_access_in" and permit dns (udp 53). E.g.:

access-list inside_access_in permit udp any any eq 53

mmatheus96 · ‎07-16-2021

Hi Rob,

We have tried that and still wouldn't work....

Georg Pauwen · ‎07-16-2021

Hello,

I assume 192.168.1.5 is your ConnectWise Automate server ?

Try and add the lines below to your access list (it looks like random UDP ports are being used):

access-list inside_access_in extended permit udp host 192.168.1.5 host 75.75.75.57 range 50000 60000
access-list inside_access_in extended permit udp host 192.168.1.5 host 75.75.75.57 eq 53
access-list inside_access_in extended permit udp host 192.168.1.5 host 8.8.8.8 eq 53

mmatheus96 · ‎07-19-2021

Hi Georg,

We've tried your settings and no luck.

However let me give y'all a little bit of background... Our client currently has an ASA5510 installed at their office location, we tried installing our Connectwise Agents in order to remote in from our HQ, had 0 luck so we did some tests and it points back to the Cisco blocking it somehow, the ASA5510 we have at our HQ is a second one we took from them to clone it and resolve the issue.

What we just did was duplicate the settings across the one we have here and add the settings you and Rob gave us.

Let me know if you have any questions.

Thank you!