Re: MSN game zone not working for internal clients (replying to my own post)

  • From: "Bob Cheeseman" <bob@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 3 Aug 2002 13:56:49 -0400

RE: [isalist] Re: Block porn sites from ISA.....Doesn't work. At least
not under my current configuration. Still looking for ideas.

Bob
  -----Original Message-----
  From: Bob Cheeseman [mailto:bob@xxxxxxxxxxx]
  Sent: Friday, August 02, 2002 10:30 PM
  To: [ISAserver.org Discussion List]
  Subject: [isalist] Re: MSN game zone not working for internal clients
(replying to my own post)


  http://www.ISAserver.org


  I'm going to try that tomorrow.

  Thanx.

  Bob
    -----Original Message-----
    From: Paul Nuernberger [mailto:pen@xxxxxxxxx]
    Sent: Friday, August 02, 2002 6:12 PM
    To: [ISAserver.org Discussion List]
    Subject: [isalist] Re: MSN game zone not working for internal
clients (replying to my own post)


    http://www.ISAserver.org


    Have you tried setting up the client computer (behind the Cable
Router) as a DMZ host ??  Would that suffice ?
      -----Original Message-----
      From: Bob Cheeseman [mailto:bob@xxxxxxxxxxx]
      Sent: Friday, August 02, 2002 4:41 PM
      To: [ISAserver.org Discussion List]
      Subject: [isalist] Re: MSN game zone not working for internal
clients (replying to my own post)


      http://www.ISAserver.org


      It suddenly occurred to me why this doesn't work The DLink
Broadband router is actually the connected client which can only be a
SecureNAT  client since there is no way to install firewall client
software on the Dlink, thus the firewall client software on the internal
client computer will never work.

      Hmmm

      Bob






        I discovered quite by trial and error that SecureNAT could not
connect to the game server whilst the Firewall client could. Regardless
of the changes and protocol rules I made. I then went to the clients
location and added the firewall client thinking the problem would be
solved. No Luck. :(  The problem seems to lie in the subnetting and
routing.

        I manage a WLAN covering about 1000 sq. miles all connected
wirelessly. Each POP is a different subnet i.e.: 192.168.2.x,
192.168.3.x, etc. Static routes on the ISA server allow all the subnets
to get an IP address thru DHCP and gain access to the Internet. The only
thing not working is Games servers on subnets greater than 192.168.1.x.
The ISA internal card is bound to 192.168.1.254.

        Typical scenario,

        customer is behind Dlink Broadband router and has address
192.168.0.100
        Dlink LAN side has 192.168.0.1 and WLAN side has address
192.168.3.1 gateway 192.168.3.10
        radio connects to POP which has internal of 192.168.3.10 and
external of 192.168.1.10 and a static route to 192.168.1.254

        Not sure if this helps explain the problem or not.

        Thanx,

        Bob



          -----Original Message-----
          From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
          Sent: Friday, August 02, 2002 10:51 AM
          To: [ISAserver.org Discussion List]
          Subject: [isalist] Re: MSN game zone not working for internal
clients


          http://www.ISAserver.org


          SecureNAT clients are limited to simple protocols; no
secondary connections allowed.
          Off-subnet traffic is a different issue; you'll have to enter
a manual route for ISA to talk to those clients.
          If you're using RRAS on the ISA, enter them there, otherwise,
use a "route -p add" command to add them.

          Jim Harrison
          MCP(NT4, W2K), A+, Network+, PCG
          http://isaserver.org/authors/harrison/
          Read the books!

            ----- Original Message -----
            From: Bob Cheeseman
            To: [ISAserver.org Discussion List]
            Sent: Friday, August 02, 2002 5:02 AM
            Subject: [isalist] Re: MSN game zone not working for
internal clients


            http://www.ISAserver.org


            Jim,

            What I have found is that a client on the same internal
subnet (192.168.1.x) as the server with the firewall client installed
can use games, but a secure NAT client on the same internal subnet
(192.168.1.x)  cannot. Also, a secure NAT client on a different subnet
(192.168.3.x) even with the firewall client cannot connect.

            I have many DHCP and static assigned clients on various
subnets and use static routes to give then access. Everything seems to
work except MSN Game Zone.
            Could it be that I need to bind an address from each subnet
to the internal card and add it to the local address table?
            Any thoughts?


            Thanx,

            Bob
              -----Original Message-----
              From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
              Sent: Wednesday, July 31, 2002 11:49 PM
              To: [ISAserver.org Discussion List]
              Subject: [isalist] Re: MSN game zone not working for
internal clients


              http://www.ISAserver.org


              If you choose one of the first three as the primary port
for a new protocol definition, you can then add a range of ports in the
secondary connections.

              Jim Harrison
              MCP(NT4, W2K), A+, Network+, PCG
              http://isaserver.org/authors/harrison/
              Read the books!

                ----- Original Message -----
                From: Bob Cheeseman
                To: [ISAserver.org Discussion List]
                Sent: Wednesday, July 31, 2002 8:19 PM
                Subject: [isalist] MSN game zone not working for
internal clients


                http://www.ISAserver.org


                Hi,

                Subject says it all. Login to MSN Game zone tries
forever and connection to server responds with "unspecified error"

                Knowledge base says open ports 80,443,6667, and
28800-29100. I haven't figured out how to open a range of ports however.

                Any pointers appreciated.

                Thanx,

                Bob Cheeseman
                ------------------------------------------------------
                You are currently subscribed to this ISAserver.org
Discussion List as: jim@xxxxxxxxxxxx
                To unsubscribe send a blank email to
$subst('Email.Unsub')
              ------------------------------------------------------
              You are currently subscribed to this ISAserver.org
Discussion List as: bob@xxxxxxxxxxx
              To unsubscribe send a blank email to
$subst('Email.Unsub')
            ------------------------------------------------------
            You are currently subscribed to this ISAserver.org
Discussion List as: jim@xxxxxxxxxxxx
            To unsubscribe send a blank email to
$subst('Email.Unsub')
          ------------------------------------------------------
          You are currently subscribed to this ISAserver.org Discussion
List as: bob@xxxxxxxxxxx
          To unsubscribe send a blank email to
$subst('Email.Unsub')
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: bob@xxxxxxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub')
      ------------------------------------------------------
      You are currently subscribed to this ISAserver.org Discussion List
as: pen@xxxxxxxxx
      To unsubscribe send a blank email to
$subst('Email.Unsub')
    ------------------------------------------------------
    You are currently subscribed to this ISAserver.org Discussion List
as: bob@xxxxxxxxxxx
    To unsubscribe send a blank email to
$subst('Email.Unsub')
  ------------------------------------------------------
  You are currently subscribed to this ISAserver.org Discussion List as:
bob@xxxxxxxxxxx
  To unsubscribe send a blank email to
$subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 08-2002