I just switched from a Pix 501 to an ASA 5505 on my home network a few weeks ago, but haven't been having any problems playing Halo 3. Using standard outbound dynamic PAT, with no special application filtering rules other than the global defaults. Perhaps you could post a sanitized version of your config and that will shed some light?
I got some clarification on the problem. It looks like students are able to connect to Halo 3 servers on the Internet. However, They cannot connect to servers on the local network. I'm using a Clean Access in-band appliance as the default router. I added policy to their role to allow all TCP/UDP/and ICMP traffic, but they still can't connect.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...