Hi,
I'm hoping some of the cisco guru's out there might be able to help. I'm having a small issue with my 877w ISR. All i am wanting to do is allow my XBOX 360 traffic for Xbox live. I'm using the "Zone Based Firewall" not CBAC. For whatever reason my version of SDM (2.5) / Windows 7 / Java Version 5.0 Update 15 decides to randomly display "Blank" windows when configuring my router so i am trying to configure the router via the CLI. I have configured the following. Can anyone tell me where i am going wrong
(PS I'm not a complete cisco n00b, i've passed my CCNA recently etc but im no expert. I know CCNA is no big deal, just trying to give an indication of knowledge 
)
I've created the following access-list, as per directions on Microsoft Xbox Live website (I know it should be a little more restrictive than any/any but i will hopefully tweak it afterwards :
I've created the class-map:
Added the class-map to the default sdm-inspect policy-map:
The zones have been configured, as well as the "Zone-Pairs", Internet traffic etc, all ok:
Still ends up "NAT MODERATE", any ideas? (Apologies if i'm barking up the wrong tree here, by all means point and laugh. I have 2 xbox's so i would prefer to configure it this way than using static NAT
ORT statements if possible)
Cheers,
$c8t@
I'm hoping some of the cisco guru's out there might be able to help. I'm having a small issue with my 877w ISR. All i am wanting to do is allow my XBOX 360 traffic for Xbox live. I'm using the "Zone Based Firewall" not CBAC. For whatever reason my version of SDM (2.5) / Windows 7 / Java Version 5.0 Update 15 decides to randomly display "Blank" windows when configuring my router so i am trying to configure the router via the CLI. I have configured the following. Can anyone tell me where i am going wrong
(PS I'm not a complete cisco n00b, i've passed my CCNA recently etc but im no expert. I know CCNA is no big deal, just trying to give an indication of knowledge )I've created the following access-list, as per directions on Microsoft Xbox Live website (I know it should be a little more restrictive than any/any but i will hopefully tweak it afterwards :
Code:
ip access-list extended XBOX_360
permit udp any any eq 88
permit udp any any eq 3074
permit tcp any any eq 3074
permit tcp any any eq www
permit udp any any eq domain
permit tcp any any eq domainI've created the class-map:
Code:
class-map type inspect match-any xbox-360
match access-group name XBOX_360Added the class-map to the default sdm-inspect policy-map:
Code:
policy-map type inspect sdm-inspect
class type inspect xbox-360
inspectThe zones have been configured, as well as the "Zone-Pairs", Internet traffic etc, all ok:
Code:
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspectStill ends up "NAT MODERATE", any ideas?
(Apologies if i'm barking up the wrong tree here, by all means point and laugh. I have 2 xbox's so i would prefer to configure it this way than using static NATORT statements if possible)Cheers,
$c8t@
Last edited:
