Xbox 360 Open NAT with Cisco ASA 8.3 or newer

8May/1141

Xbox 360 Open NAT with Cisco ASA 8.3 or newer

I'm just getting on the Xbox 360 bandwagon here, so forgive this post being "late" for most people. But, if you're like me and you're just getting your console, you may have noticed that not everything is going to work properly. To fix this is real simple, and it just following the instructions I posted a while back for port forwarding on 8.3. You'll need to start this off by giving your Xbox 360 a static IP address. This can be done under settings. You'll also need the 3 ports that you're going to have to forward. That's tcp:3074, udp:3074 and udp:88.

Step 1: Create a new object group for your Xbox 360.

asa5505(config)# object network xbox

Step 2: Add the static IP of the Xbox to the network group.

asa5505(config-network-object)# host 10.11.12.13

Step 3: Forward the ports via the NAT command.

asa5505(config-network-object)# nat (inside,outside) static interface service tcp 3074 3074
asa5505(config-network-object)# nat (inside,outside) static interface service udp 3074 3074
asa5505(config-network-object)# nat (inside,outside) static interface service udp 88 88

Step 4: Exit back to the root and add the access lists

asa5505(config)# access-list outside_access_in extended permit tcp any object xbox eq 3074
asa5505(config)# access-list outside_access_in extended permit udp any object xbox eq 3074
asa5505(config)# access-list outside_access_in extended permit udp any object xbox eq 88

That's it! If need to know exactly what's going on here, please check my previous post on port forwarding. If you do your work through the ASDM, just use my post on port forwarding via the ASDM and make the necessary changes to ports, IP addresses and names. Now you just need to go to your Xbox 360 and retest the connection. You'll see that no longer does it say that you are using restricted NAT! Also, if you're having issues with voice over Xbox Live, this should solve those problems.

EDIT 7/12/2011

After further review, I realize that I'm an idiot. You can't add more than one NAT statement to a network object. Create 3 seperate objects (I called them xbox1, xbox2 and xbox3) and add one NAT statement per object. Once you do that, adjust the ACL accordingly.

Tagged as: 360, 8.3, ASA, Cisco, forward, nat, open, open nat, PIX, port, voice, xbox Leave a comment

jangeli

So I’ve been trying to follow this guide to get an xbox working, and I’ve found some very obvious errors that are explained in your other article here:http://www.gregledet.net/?p=529 that very one on port forwarding.

1.In the port forwarding post you explained that you can only forward one port per object group…..this article has you forwarding 3 ports. I was wondering why only one port forward would show up in my running-config and this is why….only one can be applied. You would have to configure a new object group to make it work (eg. object network xboxb, object network xboxc, etc.).
2. Your Step 3 is also incorrect. If you try to type that in, you will get an incomplete command. Again, if you refer to your port forwarding post you can see the complete command….you need to indicate the port you are forwarding to (eg,
# nat (inside,outside) static interface service tcp 3074 3074)And finally, I am still sort of new to version 8.3. Do you not need to apply access lists to an interface in order for them tobe affective?
http://www.gregoryledet.com Greg Ledet

Julie, first off, are you running 8.3 or later? Secondly, please look at the prompts…
jangeli

Yes I am running 8.3. I’ve done some more research on it, and I see how they have changed things around so that you don’t apply to interfaces, you apply it to the network objects. It’s an interesting change.
I’ve also read and re-read all of your posts. I’m still not understanding how you can apply more than one port forward to an object group, nor why in step 3 the commands are missing that last port. Sorry, maybe you can clarify this since you have been running version 8.3 longer than I have. Thanks!
http://equinejointsupplements.blogspot.com Ricardo

I like it. But I think I have enough money to buy it. Ouch!
http://thesistown.com/writing/basics/dissertation-proposals dissertation proposal

like i very much!!!!!!!!!!!!!! thnaks!
http://termpaperwriter.org/ research paper

Great post. I love getting into flow during work, and you’re tips for achieving flow during the day and the week are well thought out.
http://termpaperwriter.org/ research paper

Thanks for sharing info. Keep up the good work…
http://sosnovskij.ru/webpromo/ web promo

I found lots of interesting information here. The post was professionally written and I feel like the author has extensive knowledge in the subject. Thanks you for the info.
http://thesistown.com/ thesis writing service

Cool thing! thanks for sharing.

I
did’tknow that.I hope it`s work, couse I don`t like work with NAT and I never like create access-list ))Thanks man))
Whitetiger78

Great Post! Didnt know how to do this with the new 8.3 ios
http://www.youtube.com/watch?v=PUTqTuQIzKc getessay.com

Hm. interesting, but i don`t think that it wiil be very useful for me. I don`t like wok with NAT.
http://sosnovskij.ru/webpromo/ ????????

Great information here, thanks for sharing this valuable information!
http://dissertation-service.co.uk/freelance-writing-jobs-online writing jobs online

Cisco forever!)))
Xeyed4good

How about for dynamic port ranges it would appear I have to add 50+ entries to get to open nat with ASA? Right now using a port range it is defined as moderate nat. thoughts?
http://customresearchpaper.net/ custom research paper

Thanks
a lot for sharing. You have done a brilliant job. Your article is truly
relevant to my study at this moment, and I am really happy I discovered your
website.
http://www.masterpapers.com/prices.php buy essay

Really nice post!
Kevinspacey74

Well, you may be correct.online academic writing
http://dissertation-service.co.uk/ buy dissertation

good post! liked it!
http://www.ma-dissertations.com/freelance-writing-jobs writing career

wow cool thanx!
http://getessay.com/ writing essay

Awesome and adorable!
http://www.moncleroutletmall-it.com Moncler Sale

good post! liked it!
http://dissertation-service.co.uk/ dissertation uk

that is an amazing post! i really like it!
J.James

good post! liked it!
http://thesistown.com/ thesis writing

that is an amazing post! i really liked it! you are great!!
http://essaysmonster.com/ essays

Good job. All of them are useful.
TM

This is not working for me at all….

object network xbox360-1
host 192.168.8.21
object network xbox360-2
host 192.168.8.21
object network xbox360-3
host 192.168.8.21
!
object network xbox360-1
nat (inside,outside) static interface service tcp 3074 3074
object network xbox360-2
nat (inside,outside) static interface service udp 3074 3074
object network xbox360-3
nat (inside,outside) static interface service udp 88 88
!
access-list outside-in extended permit tcp any object xbox360-1 eq 3074
access-list outside-in extended permit udp any object xbox360-2 eq 3074
access-list outside-in extended permit udp any object xbox360-3 eq 88
http://termpapermonster.com term paper

Interesting post. Thanks.
http://thesistown.com/ thesis writing service

happy holidays to everyone!!!
http://essaychampions.com/ buy essay

Good job. All of them are useful.
http://researchpapermonster.com/buy-research-paper buy an research paper

Thanks a lot for sharing. You have done a brilliant job.
http://getessay.com/prices/ pay for essay

thank you very much for such a great post!
http://essaychampions.com/ essay writing service

Wow. Truly amazing. I am amazed to see
the efforts put together by the author in making this article alive.
Thanks for sharing.
http://www.shagaholic.com/ adult sex

Thanks for
info
http://tigcig.com/ electronic cigarettes

Thank you for making this site very interesting! Keep going! You’re doing very well!
Bbrooks

This is how I got around it. There may be an easier way, but this worked for me.

object network xbox_tcp_3074
host 10.10.2.32
nat (inside,outside) static interface service tcp 3074 3074
exit
access-list outside_access_in extended permit tcp any object xbox_tcp_3074 eq 3074

object network xbox_udp_3074
host 10.10.2.32
nat (inside,outside) static interface service udp 3074 3074
exit
access-list outside_access_in extended permit udp any object xbox_udp_3074 eq 3074

object network xbox_udp_88
host 10.10.2.32
nat (inside,outside) static interface service udp 88 88
exit
access-list outside_access_in extended permit udp any object xbox_udp_88 eq 88
http://termpaperforme.com/ term paper

I enjoyed reading your articles. This is truly a great read for me. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work.
http://www.macmakeuporder.com/ mac makeup wholesale

I am visiting here first time and really glad to found this blog.
http://runfaces.com/ chatting online

Thanks for sharing your thoughts. Keep up the good job in posting very good topics.
http://www.lowbudget-pharmacy.com/ Alazne

Thanks for such detailed instruction!
http://twitter.com/#!/Essay___Writer essaywriter.org

agreed with you!
http://essaychart.com/samedayessay-review.html samedayessay.com

Amazing post! Thanks a lot!!

QoS issues on Cisco 2960′s. (High CPU Utilization) » « Preparing for my JNCIA-EX

GregLedet.net Adventures in networking, security, and other things

Xbox 360 Open NAT with Cisco ASA 8.3 or newer

Categories

Blogroll

Social Networking

Recent Comments

Meta

Certifications

Sponsors