• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

More xbox live ....

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Misc.] >> Gaming >> More xbox live .... Page: [1]
Login
Message << Older Topic   Newer Topic >>
More xbox live .... - 14.Jan.2003 3:20:00 PM   
alaudan

 

Posts: 8
Joined: 18.May2002
Status: offline
hi,

i cannot connect to xbox live at all :-(
i configured protocol definitions for 3074 TCP out, 3074 UDP send/rec. and for testing purposes i have a protcol rule "allow everything".
the xbox is connected wireless via a linksys wet11 and can be pinged from the inside.
the xbox test says: ip ok, dns ok but "xbox live could not be found". in a trace with netmon i saw that the xbox made a dns resolution but nothing more. after an examination of my isa logs i found the following entry:

192.168.118.210 207.46.247.48 Udp 1257 88 BLOCKED Dialout

for me it looks that the kerberos authentication is blocked, but for sure i have a protocol definition and and a "allow everything" rule too.
why is it blocked???

thank you in advance,
axel
Post #: 1
RE: More xbox live .... - 14.Jan.2003 3:50:00 PM   
shikwan

 

Posts: 15
Joined: 31.Oct.2002
From: PA USA
Status: offline
OK. You have an allow rule but you have to tell ISA- WHO to allow it to. Is your xbox set up like a secureNAT client? Try allowing a rule for your custom protocols & UDP 88 & 53 ONLY for the xbox's ip

(in reply to alaudan)
Post #: 2
RE: More xbox live .... - 14.Jan.2003 5:10:00 PM   
alaudan

 

Posts: 8
Joined: 18.May2002
Status: offline
thanks for the quick response!

so the protocol rule i have is:
action: allow
protocol: all ip traffic
schedule: always
applies to: any request

so i thought in any request is the xbox included?
yes the xbox is a secure nat client, its gateway points direct to the isa server.
i will try to make an explicit xbox protocol rule with all protocols and ports included only for the xbox ip.....

greetings
axel

(in reply to alaudan)
Post #: 3
RE: More xbox live .... - 14.Jan.2003 7:38:00 PM   
shikwan

 

Posts: 15
Joined: 31.Oct.2002
From: PA USA
Status: offline
OK. The gateway should be the ISA server's internal NIC IP.

(in reply to alaudan)
Post #: 4
RE: More xbox live .... - 14.Jan.2003 8:43:00 PM   
alaudan

 

Posts: 8
Joined: 18.May2002
Status: offline
no luck at all...
even an explicit protolol rule does not work.
what i cannot understand is the blocking of the outgoing kerberos request ????

(in reply to alaudan)
Post #: 5
RE: More xbox live .... - 16.Jan.2003 10:53:00 AM   
alaudan

 

Posts: 8
Joined: 18.May2002
Status: offline
hm, i think the only problem is really the blocking of the kerberos protocol:

192.168.118.210 207.46.247.48 Udp 1257 88 BLOCKED Dialout

so i thought the reason is the use of packet filters (which i need for a vpn) and i added a packet filter explicit for kerberos udp 88 but the request is blocked forever.

so does anybody know how to get rid of the blocking of kerberos?

because its not so game related which forum is better for that question?

thanks in advance,
axel

(in reply to alaudan)
Post #: 6
RE: More xbox live .... - 16.Jan.2003 4:41:00 PM   
shikwan

 

Posts: 15
Joined: 31.Oct.2002
From: PA USA
Status: offline
You don't have to create a packet filter to open kerbos ports. The setup should be straight forward:

Define 2 Protocols:

Xbox live 1 (3074 TCP) OUT
Xbox live 2 (3074 UDP) Send Receive

Create a rule to use these protocols as well as DNS Query (53 UDP) & Kerbos-Sec(88 UDP)which are already defined. Setup your xbox as a SecureNAT client with static IP and set the rule to apply ONLY to that static IP.

If this doesn't work then the problem has to be somewhere else in the way you configured ISA.

(in reply to alaudan)
Post #: 7
RE: More xbox live .... - 30.Jan.2003 11:35:00 PM   
Mark321

 

Posts: 10
Joined: 21.Jul.2002
Status: offline
Shikwan your setup and others similar worked for me the 2nd time around. I read about the UDP port 3074 Send/Recieve mine somehow got reversed when i created the 2 3074 port protocol definitions I have a default allow rule for All ip traffic. The only issue i had with an ip was i can create either a static or dhcp ip but when it gets to the dns i have to specify my external isp dns ip's or it wont connect. That works great now. Before i could connect to the xboxserver and get an Ok for the IP settings but when connecting to a game it would say it could not connect. Alls workin great now! Hope this helps some others.

(in reply to alaudan)
Post #: 8
RE: More xbox live .... - 3.Feb.2004 5:49:00 AM   
Arpophyllum

 

Posts: 22
Joined: 9.Nov.2002
From: Bellevue, WA
Status: offline
Check out this link for info about port 88:
XBox setup Tutorial on isaserver.org

The trick is that this will allow you to authenticate (that's what the kerberos port 88 is for), but not download new content.

I haven't figured out the new content part yet. We just give the XBox a direct connection while downloading new content, and it's ok behind ISA to play.

If I ever figure it out I'll post it.

(in reply to alaudan)
Post #: 9
RE: More xbox live .... - 5.Feb.2004 12:56:00 PM   
Guest
If you set up a perimiter network, you can have XBox live download content and play normally as well. (3rd NIC in the ISA box)

(in reply to alaudan)
  Post #: 10

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Misc.] >> Gaming >> More xbox live .... Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts