Re: MSN game zone not working for internal clients

  • From: "Bob Cheeseman" <bob@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 5 Aug 2002 10:19:36 -0400

Jim,

I am unable to make any of the WLAN clients use the Firewall Client.

Configuration is like this:

ISA external 206.172.0.x (public) Internal 192.168.1.254
ISA static routes 192.168.3.0 gateway 192.168.3.10 (internal)

remote radio (bridge side) static route 0.0.0.0 gateway 192.168.1.254
remote radio
remote radio (client side) 192.168.3.10

Clients from the 192.168.3.10 side use Dlink broadband router and are
assigned static IPs, i.e. 192.168.3.4 gateway 192.168.3.10.

On the inside the Dlink provides DHCP to internal LAN on
192.168.0.100-200 with a gateway of 192.168.0.1.

Firewall client will only refresh if I try to connect to 192.168.1.254;
if I try to connect by server name I get the error "cannot resolve
server name". This is to be expected, I presume. When I try to use the
Internet while the firewall client is configured for 192.168.1.254, it
works fine until I try the games, then the firewall client icon gets a
red exclamation mark thru it, and it says server inaccessible.


It makes sense that since the Dlink has the 192.168.3.x routed address,
and not the client computer, that the firewall client should not work.
So today, I took the Dlink out of the equation and tried just connecting a
computer with a 192.168.3.4 address, but I got the same result.

Errrggg!


Bob




 -----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Sunday, August 04, 2002 10:45 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: MSN game zone not working for internal clients


  http://www.ISAserver.org


  I'd agree with you; it sounds like a routing problem from your WLAN.
  Do the WLAN clients show any errors in their FW clients?

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/authors/harrison/
  Read the books!

    ----- Original Message -----
    From: Bob Cheeseman
    To: [ISAserver.org Discussion List]
    Sent: Friday, August 02, 2002 9:38 AM
    Subject: [isalist] Re: MSN game zone not working for internal clients


    I discovered quite by trial and error that SecureNAT could not
    connect to the game server whilst the Firewall client could, regardless
    of the changes and protocol rules I made. I then went to the client's
    location and added the firewall client thinking the problem would be
    solved. No luck. :(  The problem seems to lie in the subnetting and
    routing.

    I manage a WLAN covering about 1000 sq. miles all connected
    wirelessly. Each POP is a different subnet, i.e. 192.168.2.x,
    192.168.3.x, etc. Static routes on the ISA server allow all the subnets
    to get an IP address thru DHCP and gain access to the Internet. The only
    thing not working is game servers on subnets greater than 192.168.1.x.
    The ISA internal card is bound to 192.168.1.254.

    Typical scenario:

    customer is behind Dlink Broadband router and has address 192.168.0.100
    Dlink LAN side has 192.168.0.1 and WLAN side has address 192.168.3.1 gateway 192.168.3.10
    radio connects to POP which has internal of 192.168.3.10 and external of 192.168.1.10 and a static route to 192.168.1.254

    Not sure if this helps explain the problem or not.

    Thanx,

    Bob



      -----Original Message-----
      From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
      Sent: Friday, August 02, 2002 10:51 AM
      To: [ISAserver.org Discussion List]
      Subject: [isalist] Re: MSN game zone not working for internal clients


      SecureNAT clients are limited to simple protocols; no secondary connections allowed.
      Off-subnet traffic is a different issue; you'll have to enter a manual route for ISA to talk to those clients.
      If you're using RRAS on the ISA, enter them there; otherwise, use a "route -p add" command to add them.

      Jim Harrison
      MCP(NT4, W2K), A+, Network+, PCG
      http://isaserver.org/authors/harrison/
      Read the books!

        ----- Original Message -----
        From: Bob Cheeseman
        To: [ISAserver.org Discussion List]
        Sent: Friday, August 02, 2002 5:02 AM
        Subject: [isalist] Re: MSN game zone not working for internal clients


        Jim,

        What I have found is that a client on the same internal subnet
        (192.168.1.x) as the server with the firewall client installed can use
        games, but a secure NAT client on the same internal subnet (192.168.1.x)
        cannot. Also, a secure NAT client on a different subnet (192.168.3.x)
        even with the firewall client cannot connect.

        I have many DHCP and static assigned clients on various subnets
        and use static routes to give them access. Everything seems to work
        except MSN Game Zone.
        Could it be that I need to bind an address from each subnet to
        the internal card and add it to the local address table?
        Any thoughts?


        Thanx,

        Bob
          -----Original Message-----
          From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
          Sent: Wednesday, July 31, 2002 11:49 PM
          To: [ISAserver.org Discussion List]
          Subject: [isalist] Re: MSN game zone not working for internal clients


          If you choose one of the first three as the primary port for a
          new protocol definition, you can then add a range of ports in the
          secondary connections.

          Jim Harrison
          MCP(NT4, W2K), A+, Network+, PCG
          http://isaserver.org/authors/harrison/
          Read the books!

            ----- Original Message -----
            From: Bob Cheeseman
            To: [ISAserver.org Discussion List]
            Sent: Wednesday, July 31, 2002 8:19 PM
            Subject: [isalist] MSN game zone not working for internal clients


            Hi,

            Subject says it all. Login to MSN Game Zone tries forever
            and connection to server responds with "unspecified error".

            Knowledge base says open ports 80, 443, 6667, and 28800-29100.
            I haven't figured out how to open a range of ports however.

            Any pointers appreciated.

            Thanx,

            Bob Cheeseman
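An added example, not part of the thread: a static route is only usable when its gateway sits on a subnet the router is directly attached to, so this Python check tests the routes quoted in the messages against the ISA internal interface, emits the `route -p add` line for those that pass, and looks up the return path for client addresses. The /24 masks and the 192.168.1.50 client are assumptions; the thread gives no masks.

```python
import ipaddress

# Addresses quoted in the thread; the /24 masks are assumed (none are given).
ISA_INTERNAL = ipaddress.ip_interface("192.168.1.254/24")
STATIC_ROUTES = [
    ("192.168.3.0/24", "192.168.3.10"),  # route as written in the 5 Aug message
    ("192.168.3.0/24", "192.168.1.10"),  # via the POP's 192.168.1.x address (2 Aug message)
]

def gateway_on_link(gateway, iface=ISA_INTERNAL):
    """A next hop is usable only if it lies on a directly attached subnet."""
    return ipaddress.ip_address(gateway) in iface.network

def route_command(dest, gateway):
    """Render the persistent Windows route for a destination and gateway."""
    net = ipaddress.ip_network(dest)
    return f"route -p add {net.network_address} mask {net.netmask} {gateway}"

def return_path(client, routes, iface=ISA_INTERNAL):
    """Longest-prefix match: 'on-link', a gateway, or None if no route back."""
    addr = ipaddress.ip_address(client)
    table = [(iface.network, "on-link")]
    table += [(ipaddress.ip_network(d), g) for d, g in routes
              if gateway_on_link(g, iface)]
    hits = [(net, hop) for net, hop in table if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def audit(routes, iface=ISA_INTERNAL):
    """Return (dest, gateway, usable, command-or-None) for each static route."""
    return [(d, g, gateway_on_link(g, iface),
             route_command(d, g) if gateway_on_link(g, iface) else None)
            for d, g in routes]

if __name__ == "__main__":
    for dest, gw, usable, cmd in audit(STATIC_ROUTES):
        print(f"{dest} via {gw}: {'usable' if usable else 'gateway not on-link'}")
        if cmd:
            print("  " + cmd)
    # 192.168.1.50 is a constructed on-subnet client; the others are from the thread.
    for client in ("192.168.1.50", "192.168.3.4", "192.168.0.100"):
        print(client, "->", return_path(client, STATIC_ROUTES))
```
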
