Xbox Live issue with ASA5505

[Guest]

I use a Cisco ASA5505 at home to allow VPN access to work.  For some reason, Im unable to use Xbox Live Messenger or Group invites.  When I do a network test, everything goes through, except that I get an exclamation saying that my NAT is set to Moderate.  Everything seems to work fine as far as downloading and sending messages, but I can use Messenger or get into Groups.  Im still pretty new to setting up Cisco equipment, so I know Im missing something.  Here is a copy of my "show run" from the ASA: Thanks !interface Vlan1 description Garda VPN network nameif inside security-level 100 IP DELETED!interface Vlan2 description Internet nameif outside security-level 0 ip address dhcp setroute!interface Vlan3 description Home network no forward interface Vlan1 nameif dmz security-level 1 ip address 192.168.2.1 255.255.255.0!interface Ethernet0/0 switchport access vlan 2!interface Ethernet0/1 switchport access vlan 3!interface Ethernet0/2 switchport access vlan 3!interface Ethernet0/3 switchport access vlan 3!interface Ethernet0/4 switchport access vlan 3!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!ftp mode passiveclock timezone EST -5clock summer-time EDT recurringdns server-group DefaultDNSsame-security-traffic permit inter-interfaceaccess-list outside_access_in extended permit icmp any anypager lines 24logging enablelogging asdm informationalmtu inside 1500mtu outside 1500mtu dmz 1500ip verify reverse-path interface outsideicmp unreachable rate-limit 1 burst-size 1icmp permit any insideicmp deny any outsideicmp permit any dmzasdm image disk0:/asdm-524.binno asdm history enablearp timeout 14400global (outside) 101 interfacenat (inside) 101 0.0.0.0 0.0.0.0nat (dmz) 101 0.0.0.0 0.0.0.0access-group outside_access_in in interface outsidetimeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutehttp server enablehttp 10.0.0.0 255.0.0.0 insidehttp (IP DELETED) 255.255.255.240 insidehttp 192.168.2.0 255.255.255.0 dmzhttp 10.0.0.0 255.0.0.0 outsidesnmp-server location Home Networksnmp-server contact Gary Shamliansnmp-server community ATSROsnmp-server enable traps snmp authentication linkup linkdown coldstartcrypto isakmp policy 65535 authentication pre-share encryption 3des hash sha group 2 lifetime 86400telnet (IP DELETED) 255.255.255.240 insidetelnet 10.0.0.0 255.0.0.0 insidetelnet 10.0.0.0 255.0.0.0 outsidetelnet timeout 5ssh timeout 5console timeout 0management-access insidedhcpd auto_config outside!dhcpd address (IP DELETED) insidedhcpd dns (IP DELETED) interface insidedhcpd wins (IP DELETED) interface insidedhcpd domain (DOMAIN DELETED) interface insidedhcpd option 150 ip (IP DELETED) interface insidedhcpd enable inside!dhcpd address 192.168.2.100-192.168.2.131 dmzdhcpd enable dmz!vpnclient server (IP DELETED)vpnclient mode network-extension-modevpnclient nem-st-autoconnectvpnclient vpngroup (GROUP DELETED) password ********vpnclient username (NAME DELETED) password ********vpnclient enablepriority-queue insidentp server (IP DELETED) source outside preferntp server (IP DELETED) source outsidentp server (IP DELETED) source outsidentp server (IP DELETED) source outsidentp server (IP DELETED) source outsidentp server (IP DELETED) source outside!class-map inspection_default match default-inspection-traffic!!policy-map type inspect dns preset_dns_map parameters  message-length maximum 512policy-map global_policy class inspection_default  inspect dns preset_dns_map  inspect ftp  inspect h323 h225  inspect h323 ras  inspect netbios  inspect rsh  inspect rtsp  inspect skinny  inspect esmtp  inspect sqlnet  inspect sunrpc  inspect tftp  inspect sip  inspect xdmcp  inspect pptp  inspect ipsec-pass-thru!service-policy global_policy globalprompt hostname contextCryptochecksum:b97849320c12fc522be97262990b08e2: end

[Guest]

Hi gshamlian, Sorry for the late reply but the ASA 5500 series is considered a Cisco Classic product and this forum is for Cisco Small Business Products. I did some research and found a post in the Cisco NetPro Forums that may be of help.  Please click here for more info. Best regards,Cindy ToyCisco Small Business SupportCommunity Manager

[Guest]

Cindy, Thanks so much for the reply.  Sorry for the misplacement of my question, I didn know where else to post it.  I actually returned my ASA to the network department for redistribution and am using a software vpn instead.  Ill keep this thread handy though in case my company ever does away with the software vpn and moves to strictly hardware vpn access.