Cisco Cisco Expressway Maintenance Manual
Note that:
■
Ports 8191/8192 TCP and 8883/8884 TCP are used internally within the Expressway-C and the Expressway-E
applications. Therefore these ports must not be allocated for any other purpose. The Expressway-E listens
externally on port 8883; therefore we recommend that you create custom firewall rules on the external LAN
interface to drop TCP traffic on that port.
applications. Therefore these ports must not be allocated for any other purpose. The Expressway-E listens
externally on port 8883; therefore we recommend that you create custom firewall rules on the external LAN
interface to drop TCP traffic on that port.
■
The Expressway-E listens on port 2222 for SSH tunnel traffic. The only legitimate sender of such traffic is the
Expressway-C (cluster). Therefore we recommend that you create the following firewall rules for the SSH
tunnels service:
Expressway-C (cluster). Therefore we recommend that you create the following firewall rules for the SSH
tunnels service:
—
one or more rules to allow all of the Expressway-C peer addresses (via the internal LAN interface, if
appropriate)
appropriate)
—
followed by a lower priority (higher number) rule that drops all traffic for the SSH tunnels service (on the
internal LAN interface if appropriate, and if so, another rule to drop all traffic on the external interface)
internal LAN interface if appropriate, and if so, another rule to drop all traffic on the external interface)
Microsoft Lync B2BUA Port Reference
The port numbers listed below are the default port values. The values used in a real deployment may vary if they have
been modified, for example, by changes of registry settings or through group policy, on Lync and Lync client, or
configuration on Expressway (Applications > B2BUA).
been modified, for example, by changes of registry settings or through group policy, on Lync and Lync client, or
configuration on Expressway (Applications > B2BUA).
Between B2BUA and Lync
Purpose
Protocol
B2BUA IP port
Lync IP port
Signaling to Lync Server
TLS
65072
5061 (Lync signaling destination
port)
port)
Signaling from Lync Server
TLS
65072
Lync ephemeral port
Media
(The Lync B2BUA application should run
on a separate "Gateway" Expressway
and so this range should not conflict with
the standard traversal media port range)
on a separate "Gateway" Expressway
and so this range should not conflict with
the standard traversal media port range)
Note:
The Expressway does not forward
DSCP information that it receives in
media streams.
media streams.
UDP
56000 to 57000
Each call can use
up to 18 ports if
you Enable RDP
Transcoding for
this B2BUA.
up to 18 ports if
you Enable RDP
Transcoding for
this B2BUA.
Increase this range
if you see "Media
port pool
exhausted"
warnings.
if you see "Media
port pool
exhausted"
warnings.
Lync client media ports
Desktop Share from Lync clients to
B2BUA
B2BUA
TCP
6000-6099
Lync client RDP ports
Between B2BUA and Expressway (internal communications)
Purpose
Protocol
B2BUA IP port
Expressway IP port
Internal communications with
Expressway application
Expressway application
TLS
65070
SIP TCP outbound port
Transcoded desktop sharing sessions
from B2BUA to internal call control
(CUCM or VCS)
from B2BUA to internal call control
(CUCM or VCS)
UDP
6100-6199
UDP Media port range
262
Cisco Expressway Administrator Guide