Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1098
Views
0
Helpful
7
Replies

Xbox live

micwill3
Cisco Employee
Cisco Employee

‎11-28-2011 03:45 PM - edited ‎03-11-2019 02:56 PM

I have an ASA 5501 running latest code. Per the article at http://support.microsoft.com/kb/908874, I need to open the below ports. I have 5 Xboxes (when people come over) and they all have a static IP. My network is 192.168.0.x and is a /24 network.

Xbox LIVE requires the following ports to be open:

  • Port 88 (UDP)
  • Port 3074 (UDP and TCP)
  • Port 53 (UDP and TCP)
  • Port 80 (TCP)
  • port 1863 (UDP and TCP) (Kinnect)

I defined the various network ports as a service and then created 5 hosts called xbox1, 2, etc with a static IP.

I dont have access from the command line (forgot telnet and ssh passwords) , so from the gui, what do I do next?

Thanks

Labels:
0 Helpful
7 Replies 7

Julio Carvajal
VIP Alumni
VIP Alumni

‎11-28-2011 04:31 PM

Hello Michael,

Do you have ASDM access that you can use to configure the ASA, if not you will need to perform a password recovery and then open those ports.

http://tools.cisco.com/squish/3ec1d

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

micwill3
Cisco Employee
Cisco Employee
In response to Julio Carvajal

‎11-28-2011 06:38 PM

Yes I do have ADSM.

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to micwill3

‎11-29-2011 09:04 AM

Hello Michael,

So you already have a static one to one translation for those particular xbox units( each one of them has a public ip) right??

Now all you need to do is to create an acl on inbound direction on the outside interface opening the ports you need.

Let me know if this is enough clear.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

micwill3
Cisco Employee
Cisco Employee
In response to Julio Carvajal

‎11-29-2011 09:06 AM

Sorry, I don’t have a clue on what to do next nor how to do it.

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to micwill3

‎11-29-2011 09:13 AM

Hello Michael,

Okay I want you to go to the comman-line interface on the ASDM,that  its on the Tools tab.

Now I want you to add the following commands:

Show run static ( From this output I will need the ones with the private IP address of the xbox machines)

Show run access-group ( From this I will need you to focus on the one that says access-group xxx in interface outside)

show run access-list xxxx ( Where the xxx is the one from the access-group we disccused before)

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

micwill3
Cisco Employee
Cisco Employee
In response to Julio Carvajal

‎11-29-2011 09:17 AM

OK, thanks for the help. It will be tonight before I can do this as I am remote and don’t allow access from the outside interface.

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to micwill3

‎11-29-2011 09:23 AM

Hello Michael,

I am more than glad to help,let me know any updates.

Please rate helpful posts!!!

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card