andrewprouse
asked on
Online gamining through Cisco router. UPNP?
Hi there,
I have an issues whereby I've just installed a Cisco 887VAW router at a company director's house to allow site-to-site VPN to his office. This works great. The issue we have is that his son now can't play his online games. Apparently Cisco router's don't support UPNP.
Is there a way around this?
The home network has 1 static public IP.
Any help would be much appreciated.
Cheers, Andy
I have an issues whereby I've just installed a Cisco 887VAW router at a company director's house to allow site-to-site VPN to his office. This works great. The issue we have is that his son now can't play his online games. Apparently Cisco router's don't support UPNP.
Is there a way around this?
The home network has 1 static public IP.
Any help would be much appreciated.
Cheers, Andy
ASKER
Static NAT would be an absolute nightmare as there are several games consoles, 2-3 laptops for the kids etc. I think I'm going to look into statefull inspection, any tips or walk-throughs?
You should be able to add some lines like this if you have the required IOS image:
ip inspect name MAIN tcp
ip inspect name MAIN udp timeout 43200
ip inspect name MAIN isakmp
ip inspect name MAIN esmtp
ip inspect name MAIN bittorrent
ip inspect name MAIN https
Then on the inside interface (LAN interface) add the following line:
ip inspect MAIN in
You can get a list of all the available protocols by typing
ip inspect name MAIN ?
The tcp and udp ones will cover anything that does not fall under a more specific category.
ip inspect name MAIN tcp
ip inspect name MAIN udp timeout 43200
ip inspect name MAIN isakmp
ip inspect name MAIN esmtp
ip inspect name MAIN bittorrent
ip inspect name MAIN https
Then on the inside interface (LAN interface) add the following line:
ip inspect MAIN in
You can get a list of all the available protocols by typing
ip inspect name MAIN ?
The tcp and udp ones will cover anything that does not fall under a more specific category.
ASKER
Am I right in thinking that the IP INSPECT feature will take care of the firewall rules but not NAT ? If so, how do I then allow the relevant (unknown) ports through NAT ?
Cheers, Andy
Cheers, Andy
IP inspection follows outbound packets to allow inbound packets to return to the correct inside host. NATing is still required.
ASKER
So how would I 'automatically' add relevant NAT rules to allow online gaming?
You need the PAT I guess would be more correct, so you still need the NAT statement that allows outbound Internet connections. Hopefully the inspection rules will be enough to allow the games to work.
ASKER
I've enabled IP INSPECTION so the director / his kids will test this evening (I hope it works).
I'm guessing that if a game/service were to listen on a port (that hasn't been statically allowed through NAT/PAT) then it will fail. If however the game initiates communication on a certain port then IP INSPECTION will open the inbound port back to that host.
Hopefully online gaming works like the latter.
I'm guessing that if a game/service were to listen on a port (that hasn't been statically allowed through NAT/PAT) then it will fail. If however the game initiates communication on a certain port then IP INSPECTION will open the inbound port back to that host.
Hopefully online gaming works like the latter.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yep this worked as expected, thank you. IP INSPECT allows the game traffic back in saving the need for UPNP.
Thank you :)
Thank you :)
Statfeul inspection should allow for most games to work though.