Re: Issues with Xbox 360

[Dan Oachs <doachs () GAC EDU>]

I'm sure you have all heard this a million times by now, but I'm going 
to repeat it anyway.  I would strongly suggest investing some time in 
getting the game consoles onto a network that supports native IPv6 ( but 
don't stop there, get the whole campus moved). Xboxes like or dare I say 
crave IPv6 and will do everything they can to use it whether you like it 
or not.  There are really very few excuses these days not to give it a 
shot.  Heck, all three of our ISPs are happy to route our IPv6 traffic.

--Dan



On 8/26/15 10:06 PM, Gregg, Christopher S. wrote:
> It sounds like this might  be a (temporary) service issue with Xbox Live per the previous response.
>
> However, we were the school that reported the game console NAT issues with our Palo Alto last winter.  Our interim solution for 
> spring semester was a very labor intensive 1:1 NAT solution with reserved IP addresses.  Our solution for this school year is 
> that as we have implemented Cisco ISE, the system is able to auto-profile game consoles and put them on a VLAN that uses public 
> IP addresses while other devices on the network are assigned private IP's and NAT'd.  We just went live at the 
> beginning of August and so far, so good.
>
> Chris
>
>
> Chris Gregg
> Director of IT
> Information Resources and Technologies (IRT)
> University of St. Thomas, Minnesota
> csgregg () stthomas edu
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
> Councill, David
> Sent: Wednesday, August 26, 2015 4:20 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Issues with Xbox 360
>
> Now that the fall semester has just started this week, I have received complaints from a number of residents of our 
> residence halls that they are getting disconnects from Xbox Live. Getting information passed on to us can be difficult 
> but with more information and some testing, the problem appears to only affect Xbox 360 (not Xbox 1) and only happens 
> when more than one user tries to connect from the same dorm network. We are using PAT for each of our dorm networks, 
> and the Microsoft answer is to open up ports on the firewall. But since we use PAT, we would still have to go to a 1:1 
> NAT before we could do any port forwarding. There was a discussion on similar NAT issues with Xbox early this year 
> (January) on this list relative to using Palo Alto firewalls thus I thought I would try this list again.
>
> Right now, we are wondering why this problem just started occurring this semester as we haven't had problems in past years 
> using PAT. The fact that it only affects the older Xboxes would indicate the issue is on Microsoft's side. Is anyone else 
> seeing this problem? And how are you dealing with it? The only fix I see so far would be tracking the hundreds of Xboxes on 
> campus and assigning them static or reserved IPs with a 1:1 NAT which seems to be impractical and time consuming.
>
>
> __
>
>
> David Councill
> Network Security Engineer
> Washington State University
> Information Technology Building | PO Box 641222 | Pullman, WA 99164 david.councill () wsu edu
>
>
>
>
>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature