
Online gaming through Cisco router.  UPNP?

andrewprouse asked
Last Modified: 2012-09-29
Hi there,

I have an issue whereby I've just installed a Cisco 887VAW router at a company director's house to allow site-to-site VPN to his office.  This works great.  The issue we have is that his son now can't play his online games.  Apparently Cisco routers don't support UPNP.

Is there a way around this?

The home network has 1 static public IP.

Any help would be much appreciated.

Cheers, Andy

Commented:
Create static NAT rules on the Cisco that map the required ports to the son's PC.

Stateful inspection should allow for most games to work though.

Author

Commented:
Static NAT would be an absolute nightmare as there are several games consoles, 2-3 laptops for the kids etc.  I think I'm going to look into stateful inspection, any tips or walk-throughs?

Commented:
You should be able to add some lines like this if you have the required IOS image:

ip inspect name MAIN tcp
ip inspect name MAIN udp timeout 43200
ip inspect name MAIN isakmp
ip inspect name MAIN esmtp
ip inspect name MAIN bittorrent
ip inspect name MAIN https


Then on the inside interface (LAN interface) add the following line:

ip inspect MAIN in

You can get a list of all the available protocols by typing

ip inspect name MAIN ?

The tcp and udp ones will cover anything that does not fall under a more specific category.

Author

Commented:
Am I right in thinking that the IP INSPECT feature will take care of the firewall rules but not NAT?  If so, how do I then allow the relevant (unknown) ports through NAT?

Cheers, Andy

Commented:
IP inspection follows outbound packets to allow inbound packets to return to the correct inside host.  NATing is still required.

Author

Commented:
So how would I 'automatically' add relevant NAT rules to allow online gaming?

Commented:
You need the PAT I guess would be more correct, so you still need the NAT statement that allows outbound Internet connections.  Hopefully the inspection rules will be enough to allow the games to work.

Author

Commented:
I've enabled IP INSPECTION so the director / his kids will test this evening (I hope it works).

I'm guessing that if a game/service were to listen on a port (that hasn't been statically allowed through NAT/PAT) then it will fail.  If however the game initiates communication on a certain port then IP INSPECTION will open the inbound port back to that host.

Hopefully online gaming works like the latter.

Commented:
That is how it is supposed to work, so hopefully the games only use inbound connections related to the outbound ones :)
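
The behaviour described in the last two comments, as an added example that is not part of the original thread: a toy Python model of PAT plus session inspection (UDP only) in which replies to an outbound-initiated flow are let back in, while an unsolicited packet to a listening port is dropped unless a static mapping exists. The `Router` class, all addresses and ports, and the sequential port allocation are constructed for illustration; only the 43200-second UDP timeout comes from the configuration posted above.

```python
# Added illustration: toy model of PAT (NAT overload) plus session inspection, UDP only.
# Addresses, ports and the Router class are constructed; only the timeout is from the thread.
UDP_IDLE_TIMEOUT = 43200  # seconds, from "ip inspect name MAIN udp timeout 43200"

class Router:
    def __init__(self):
        self.sessions = {}      # public_port -> [inside_ip, inside_port, remote, last_seen]
        self.static = {}        # public_port -> (inside_ip, inside_port), i.e. static NAT
        self.next_port = 40000  # assumption: simple sequential PAT port allocation

    def outbound(self, inside_ip, inside_port, remote, now):
        """Inside host sends to remote: create or refresh state, return the public port."""
        for port, s in self.sessions.items():
            if s[:3] == [inside_ip, inside_port, remote]:
                s[3] = now
                return port
        port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[port] = [inside_ip, inside_port, remote, now]
        return port

    def inbound(self, public_port, remote, now):
        """Packet from remote to the public IP: return the inside (ip, port), or None if dropped."""
        s = self.sessions.get(public_port)
        if s and s[2] == remote and now - s[3] <= UDP_IDLE_TIMEOUT:
            s[3] = now          # return traffic of a tracked flow keeps the state alive
            return (s[0], s[1])
        return self.static.get(public_port)  # otherwise only a static mapping lets it in

def demo():
    r = Router()
    console = ("192.168.1.20", 3074)   # constructed inside host
    server = ("198.51.100.7", 3074)    # constructed game server
    stranger = ("192.0.2.99", 50000)   # constructed host the console never contacted
    port = r.outbound(*console, server, now=0)
    out = {
        "reply": r.inbound(port, server, now=30),           # related to outbound flow
        "unsolicited": r.inbound(port, stranger, now=31),   # wrong remote: dropped
        "listener": r.inbound(3074, stranger, now=32),      # no state, no static NAT
    }
    r.static[3074] = console                                # add a static mapping
    out["listener_static"] = r.inbound(3074, stranger, now=33)
    out["expired"] = r.inbound(port, server, now=30 + UDP_IDLE_TIMEOUT + 1)
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16} -> {result}")
```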

Author

Commented:
Yep this worked as expected, thank you. IP INSPECT allows the game traffic back in saving the need for UPNP.

Thank you :)