
Getting Open Nat with a Netscreen-5GT ADSL

 
Guest
Posted: Tue Oct 02, 2007 4:14 pm    Post subject: Getting Open Nat with a Netscreen-5GT ADSL

Hi,
I am using a Netscreen-5GT ADSL to route/protect my internet
connection and cannot seem to get the NAT config correct.

I was previously using a Linksys WRT-54G running DD-WRT and could get
Open NAT for xbox live no probs (either via uPnP or manual port
forwards), but since migrating to the Netscreen, the xbox live diags
always come back saying I have Strict NAT.

I have forwarded the ports (UDP88 and UDP/TCP3074) using a VIP and
have a policy in place to allow the traffic (with logging) and the
Netscreen doesn't seem to even be hit with the packets from the
outside. I have other services such as POP3 and BitTorrent working
fine using the above method.

Using MIP/DIP is not an option for me since my ISP will not assign me
multiple public/routable IPs.

I have tested a few random ALGs (such as SIP and portmapper) on the
long shot that the Xbox live protocol may work in the same way, but as
expected nothing. I am running ScreenOS 5.0.0r6.e, so I guess it's
possible that later versions have a specific ALG for this.

Anyway - my question is, has anyone else got this working with a
Netscreen 5 device? Or am I missing something obvious?

Thanks.

rob_kabob
Guest
Posted: Tue Oct 30, 2007 4:18 am    Post subject: RE: Getting Open Nat with a Netscreen-5GT ADSL

I'm working on this issue as well - let me know if you find a fix and I will
do the same as well. I have a 5gt adsl (wifi) as well.

Guest
Posted: Mon Nov 05, 2007 2:32 pm    Post subject: Re: Getting Open Nat with a Netscreen-5GT ADSL

I'm also trying to figure this one as well. I've managed to get it as
far as moderate NAT, but not open. I wish I could say what it was that
got it to moderate, as I've just told my IT department (it's a work
VPN router) to assign the Xbox's MAC address to a static IP, and
forward those ports to it.

If anyone figures out what'll make it 'open', please let me know!

thanks,
chris

Chris H
Guest
Posted: Mon Nov 05, 2007 4:52 pm    Post subject: Re: Getting Open Nat with a Netscreen-5GT ADSL

Just a wild guess here, but I would bet the VPN router doesn't support UPnP?
You really need that for Open, but most of the older routers don't natively
support it.
--
Chris H.
Microsoft Windows MVP/Tablet PC
Tablet Creations - http://nicecreations.us/
http://forums.mobilepcworld.net
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

Malek
Guest
Posted: Thu Nov 08, 2007 1:52 pm    Post subject: Re: Getting Open Nat with a Netscreen-5GT ADSL

Hey Chris - how did you get moderate?

Chris H
Guest
Posted: Fri Nov 09, 2007 4:23 pm    Post subject: Re: Getting Open Nat with a Netscreen-5GT ADSL

I'd make sure your router supports UPnP. If it doesn't, most likely you're
not going to get an Open Network Address Translation. Check with the
support folks for your Internet Service Provider, if they're the ones who
furnished the router.
--
Chris H.
Microsoft Windows MVP/Tablet PC
Tablet Creations - http://nicecreations.us/
http://forums.mobilepcworld.net
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

Malek
Guest
Posted: Sun Nov 11, 2007 3:24 am    Post subject: Re: Getting Open Nat with a Netscreen-5GT ADSL

It definitely does not support uPnP, and is unlikely to ever do so since this
is a corporate grade firewall as opposed to a consumer device. Although, if
I can get as far as moderate NAT, that will be an improvement on strict and
should increase my options online.

Random
Guest
Posted: Tue Nov 13, 2007 11:26 pm    Post subject: Re: Getting Open Nat with a Netscreen-5GT ADSL

I managed to get my Xbox360 to say "Open" with the Netscreen.

I made three services:

Xbox Live 1 -
  UDP src port: 0 - 65535 dst port 3074-3074
  TCP src port: 0 - 65535 dst port 3074-3074
  TCP src port: 0 - 65535 dst port 88-88
  Timeout Never
Xbox Live 2 -
  UDP src port: 0 - 65535 dst port 3074-3074
  TCP src port: 0 - 65535 dst port 3074-3074
  Timeout 30
Xbox Live 3 -
  TCP src port: 0 - 65535 dst port 88-88
  Timeout 30

Instructions:
Web Management Interface -> Objects -> Services -> Custom -> Click New
Fill in the service name and information as I have described above and click
OK.

On the Untrust Interface I added a VIP service for Xbox Live 2 and Xbox Live
3 pointing to my Xbox's static assigned IP address.
Instructions:
Web Management page -> Network -> Interfaces -> Click Edit on the Untrust
Interface -> Click VIP on the Properties up top -> Click New VIP service

Virtual IP should be your external IP; on the 5gt you should only have the
one.
Virtual Port should be the port of Live 2,
Service should point to Live 2,
Map to IP should be the static assigned IP of your 360.
Server Auto Detect should be False.
Click OK
Repeat for Live 3.

Note that you do not do this for Live 1.


On the Policies Page I added a new policy from Source Any to VIP::1 for the
Multiple Services of Xbox Live 1, Xbox Live 2, and Xbox Live 3.
Instructions:
Web Management Page -> Policies -> Select From Untrust -> Select To Trust ->
Click New ->
Give it the name you want,
Select Address book entry Any for source address
Select Address book entry VIP::1 for destination Address
For Service click Multiple, add Xbox Live 1, 2 & 3
Turn on logging if you wish.
I do not have any Advanced settings changed from defaults.
Click OK

This gave me Open access. I have only three Trust to Untrust policies that
may affect this: I allow any service from any to any, and separate ones for
IKE and PPTP from Any to Any.
I have other policies directed to VIP::1 but none that are routed via VIP to
the 360.
The effect of any of these is unknown.

It took me like two or three tries to get to these settings, with a couple
hours of work on each try. I hope they work for you guys.

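The services, VIP entries and policy from Random's post, modelled as an added example (not code from the thread or from the firewall vendor) to work out which ports the setup actually opens toward the console and which settings a reviewer would question. It assumes a simplified rule that a packet gets through only when a VIP entry maps its protocol and port and the policy lists a covering service; the address 192.168.1.50 and all function names are constructed for illustration.

```python
"""Model of the services, VIP entries and policy described in the post above.

Assumption (a simplification, not ScreenOS's real lookup logic): an inbound
packet reaches the internal host only if a VIP entry on the Untrust interface
maps its protocol and destination port AND the Untrust -> Trust policy lists
a service that covers the same pair.
"""

XBOX_IP = "192.168.1.50"  # constructed placeholder for the console's static IP

# Custom services as listed in the post: (protocol, dst port) pairs + timeout.
SERVICES = {
    "Xbox Live 1": {"entries": {("udp", 3074), ("tcp", 3074), ("tcp", 88)},
                    "timeout": "never"},
    "Xbox Live 2": {"entries": {("udp", 3074), ("tcp", 3074)}, "timeout": 30},
    "Xbox Live 3": {"entries": {("tcp", 88)}, "timeout": 30},
}

# VIP entries on the Untrust interface (none for Xbox Live 1, as in the post).
VIPS = [
    {"virtual_port": 3074, "service": "Xbox Live 2", "map_to": XBOX_IP},
    {"virtual_port": 88, "service": "Xbox Live 3", "map_to": XBOX_IP},
]

# The Untrust -> Trust policy: source Any, destination VIP::1, three services.
POLICY = {"source": "Any",
          "services": ["Xbox Live 1", "Xbox Live 2", "Xbox Live 3"]}

# Ports the thread's first post says were forwarded (UDP 88, UDP/TCP 3074).
FIRST_POST_PORTS = {("udp", 88), ("udp", 3074), ("tcp", 3074)}


def vip_mappings(vips, services):
    """Return {(proto, port): host} for each pair a VIP entry forwards."""
    mapped = {}
    for vip in vips:
        for proto, port in services[vip["service"]]["entries"]:
            if port == vip["virtual_port"]:
                mapped[(proto, port)] = vip["map_to"]
    return mapped


def effective_exposure(vips, policy, services):
    """Pairs that are both VIP-mapped and permitted by the policy."""
    allowed = set()
    for name in policy["services"]:
        allowed |= services[name]["entries"]
    return {pair: host for pair, host in vip_mappings(vips, services).items()
            if pair in allowed}


def review_findings(vips, policy, services, wanted):
    """List settings a reviewer would question, in a stable order."""
    findings = []
    exposed = effective_exposure(vips, policy, services)
    for proto, port in sorted(wanted - set(exposed)):
        findings.append(f"{proto}/{port} is wanted but not forwarded")
    vip_services = {vip["service"] for vip in vips}
    for name in policy["services"]:
        if name not in vip_services:
            findings.append(f"'{name}' is in the policy but has no VIP entry")
        if services[name]["timeout"] == "never":
            findings.append(f"'{name}' sessions never time out")
    if policy["source"] == "Any":
        findings.append("source Any: forwarded ports are reachable from any host")
    return findings


if __name__ == "__main__":
    exposure = effective_exposure(VIPS, POLICY, SERVICES)
    for (proto, port), host in sorted(exposure.items()):
        print(f"open: {proto}/{port} -> {host}")
    for finding in review_findings(VIPS, POLICY, SERVICES, FIRST_POST_PORTS):
        print("review:", finding)
```

Under this model the console is reachable on UDP 3074, TCP 3074 and TCP 88, while the UDP 88 forward mentioned in the first post has no counterpart in these settings.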
Guest
Posted: Wed Nov 14, 2007 10:26 pm    Post subject: Re: Getting Open Nat with a Netscreen-5GT ADSL

^^ This totally works
Thanks a lot I have been struggling with this one for a while...
YOU ROCK!!!!!!!!!!!!!!!!!!!!!!111