ISA Server and Xbox Live: Not Officially Supported. But I'm interested...

It's old news, but I thought I might as well get the conversation started, after John emailed me asking about getting ISA working with Xbox Live.

I need to state up front that last time I heard anything about anything, Xbox Live wasn't officially supported through ISA.

Rather than "your mileage may vary", this puts it firmly in the "any mileage you do get is purely a bonus" category.

So, don't do it. It probably doesn't and won't work right. Get yourself an Xbox Live compatible router, configure your Xbox to go through it instead of ISA, and game on! Simplicity itself.

That said, I thought I'd share my experiences so others could chime in with theirs, if they found something workable, interesting or otherwise.

I tried XBL with ISA 2000 a bit over a year ago; no dice. Couldn't do a content download through it, though I was able to play if I removed ISA, used RRAS/NAT to do the content download, then reinstalled ISA. Bit much trouble to go to for any required updates.

I tried XBL with ISA 2004 Beta 2, and it seemed to work for the most part, but with interesting caveats; I'd not be able to hear some people (I think - it's kinda hard to tell), or conversation would dry up quickly, or there'd be fewer games available when searching than without it. I managed to play several games, but some were more problematic than others. Circumstantial, unscientific. Never really gave it much thought, and went back to ISA 2000 until ISA 2004 RTMd.

My current working setup has my ISA 2004 box feeding into a D-Link DI-624. All the PC clients point at the ISA Server as their default gateway, but I run two subnets; one is DHCP-served by the ISA Server for access-controlled clients (e.g., those that sit on my domain, and use the ISA Server for internet access), and the other subnet is just for direct router clients, including… the Xbox, which sits there using a static IP, default gateway and DNS pointed at the router. Both sets of clients are on the same physical wire in their different subnets - it's not a security setup - but if you had more hubs than I do, it could be, easily.

I have very few problems with this setup, and I get the best of both worlds. So, if in doubt, get a compatible router, plug everything into it, and point the real PCs at the ISA box, and the Xbox at the router gateway. Simple!

Some related resources around the net:

So...

If you do want to fiddle with XBL through ISA, you'll need unauthenticated access to a range of protocols; with ISA 2004, it's probably a lot easier to give the Xbox a static IP, create a computer set containing just that IP, and allow that computer set to use all IP outbound (especially if you're trying to simulate a corporate environment with authentication and other access controls with your other rules - just another way ISA 2004 rules rock!)

Thinking out loud, it's just possible that the situation might be further improved by creating a server publishing rule that allows 3074 TCP Inbound and UDP Receive Send too, but I haven't tried it; just assuming that if we use those protocols outbound, they might also be used inbound, and Server Publishing is How It's Done if that's the case. And of course, you can watch for dropped connections live in the logs, if you're trying to work out why something is not working...
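For the log-watching step above, here is an added example (not part of the original post, and not ISA's own tooling) that tallies denied connections from the Xbox's static IP by protocol, destination port and rule, so you can see what an "all IP outbound" rule could be narrowed to. It assumes the firewall log has been exported as tab-separated W3C extended text with a `#Fields:` header; the field names, rule names and addresses in the sample are constructed.

```python
from collections import Counter

# Constructed sample in W3C extended layout (tab-separated, "#Fields:" header).
# Field names, rule names and addresses are illustrative assumptions,
# not copied from a real ISA Server log.
SAMPLE_LOG = "\n".join([
    "#Software: constructed sample",
    "#Fields: date\ttime\tsource\tdestination\tprotocol\taction\trule",
    "2004-09-01\t20:15:01\t192.168.2.50:3074\t203.0.113.10:3074\tUDP\tDenied\tDefault rule",
    "2004-09-01\t20:15:02\t192.168.2.50:1045\t203.0.113.10:3074\tTCP\tDenied\tDefault rule",
    "2004-09-01\t20:15:03\t192.168.2.50:3074\t203.0.113.11:3074\tUDP\tDenied\tDefault rule",
    "2004-09-01\t20:15:04\t192.168.2.50:1046\t198.51.100.7:80\tTCP\tAllowed\tXbox outbound",
    "2004-09-01\t20:15:05\t192.168.1.20:1200\t198.51.100.7:25\tTCP\tDenied\tDefault rule",
    "2004-09-01\t20:15:06\ttruncated row",
])


def denied_by_client(lines, client_ip, denied_value="Denied"):
    """Count denied connections from client_ip as (protocol, dst_port, rule)."""
    fields = None
    counts = Counter()
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("#Fields:"):
            # Column order comes from the log itself, not from this script.
            fields = line[len("#Fields:"):].strip().split("\t")
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split("\t")
        if len(values) != len(fields):
            continue  # skip truncated or malformed rows
        row = dict(zip(fields, values))
        src_ip = row["source"].rpartition(":")[0] or row["source"]
        if src_ip != client_ip or row["action"] != denied_value:
            continue
        port = row["destination"].rpartition(":")[2]
        dst_port = int(port) if port.isdigit() else None
        counts[(row["protocol"], dst_port, row["rule"])] += 1
    return counts


if __name__ == "__main__":
    xbox_ip = "192.168.2.50"  # assumed static IP given to the Xbox
    for (proto, port, rule), n in denied_by_client(SAMPLE_LOG.splitlines(), xbox_ip).most_common():
        print(f"{n:3d}  {proto:4s} dst port {port}  denied by: {rule}")
```

Point it at your own export by passing an open file instead of `SAMPLE_LOG.splitlines()`, and rename the `source`, `destination`, `protocol`, `action` and `rule` keys to match whatever your `#Fields:` line actually lists.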

Has anyone gone further, or got other creative solutions? Love to hear them!