Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4091
Views
0
Helpful
4
Replies

Firewall Access Rules issue with Connectwise Automate

mmatheus96
Level 1
Level 1

‎07-16-2021 11:59 AM

Good day,

 

Please I need your support on the following issue:-

 

We have an existing ASA 5510, installed our ConnectWise remote management tool but the agent is unable to communicate outside.

 

We're also inexperienced with Cisco so any help would be appreciated.

 

I'm leaving attached a log file just in case.

 

Thanks,

 

Marlon.

Preview file
17 KB
0 Helpful
4 Replies 4

Rob Ingram
VIP
VIP

‎07-16-2021 01:35 PM - edited ‎07-16-2021 01:38 PM

@mmatheus96 

What is the source IP address and what protocols does this connectwise application use?

I can see in the logs that outbound DNS requests are being blocked, so if connectwise is doing a DNS lookup then that might explain why it is failing.

 

Amend your ACL "inside_access_in" and permit dns (udp 53). E.g.:

 

access-list inside_access_in permit udp any any eq 53

 

0 Helpful

mmatheus96
Level 1
Level 1
In response to Rob Ingram

‎07-16-2021 02:31 PM

Hi Rob,

 

We have tried that and still wouldn't work....

0 Helpful

Georg Pauwen
VIP
VIP

‎07-16-2021 01:55 PM

Hello,

 

I assume 192.168.1.5 is your ConnectWise Automate server ?

 

Try and add the lines below to your access list (it looks like random UDP ports are being used):

 

access-list inside_access_in extended permit udp host 192.168.1.5 host 75.75.75.57 range 50000 60000
access-list inside_access_in extended permit udp host 192.168.1.5 host 75.75.75.57 eq 53
access-list inside_access_in extended permit udp host 192.168.1.5 host 8.8.8.8 eq 53

0 Helpful

mmatheus96
Level 1
Level 1
In response to Georg Pauwen

‎07-19-2021 06:15 AM

Hi Georg,

 

We've tried your settings and no luck.

 

However let me give y'all a little bit of background... Our client currently has an ASA5510 installed at their office location, we tried installing our Connectwise Agents in order to remote in from our HQ, had 0 luck so we did some tests and it points back to the Cisco blocking it somehow, the ASA5510 we have at our HQ is a second one we took from them to clone it and resolve the issue.

 

What we just did was duplicate the settings across the one we have here and add the settings you and Rob gave us.

 

Let me know if you have any questions.

 

Thank you!

Preview file
17 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card