Cisco Cisco Expressway
9
Unified Communications: Expressway (DMZ) to public internet
Expressway-E
source port
Internet
endpoint server
(listening) port
Expressway-E
server (listening) port
Internet endpoint
source port
Message direction
Outbound to an endpoint in the
Internet
Inbound from an endpoint in the
Internet
Open firewall
DMZ to Internet
Internet to DMZ
IP address
Address of
Expressway-E
Any IP
address
Address of
Expressway-E
Any IP
address
IP Po
rt
s
XMPP (IM and
Presence)
Presence)
n/a
n/a
TCP 5222
TCP S
>= 1024
UDS (phonebook
and provisioning)
and provisioning)
n/a
n/a
TCP 8443
TCP S
>= 1024
TURN server
control / media
control / media
n/a
n/a
UDP 3478 (to
3483)
R /
24000 to 29999
UDP S
>= 1024
SIP signaling
TLS
25000 to 29999
TLS S
>= 1024
TLS 5061
TLS S
>= 1024
SIP media
UDP Y
E
36002 to 59999 *
UDP N
>= 1024
UDP Y
E
36002 to 59999 *
UDP N
>= 1024
N = Expressway waits until it receives media, then it
sends its media to the IP port from which the
media was received (egress port of the media
from the far end non SIP-aware firewall): any port
>= 1024
media was received (egress port of the media
from the far end non SIP-aware firewall): any port
>= 1024
R = On Large VM server deployments you can
configure a range of TURN request listening ports
S = Source port , typically >= 1024
Y
E
= Local Zone > Traversal Subzone > Traversal
Media port start to end (configured on
Expressway-E): default = 36000 to 59999 *
Expressway-E): default = 36000 to 59999 *
* The first 2 ports in the range are used for multiplexed
traffic only (with Large VM deployments the first 12 ports in
the range – 36000 to 36011 – are used).
Unified CM-UDS
Expressway-C
Expressway-E
Internet
DMZ
IM&P