Cisco Cisco Expressway
Appendix 2: IP ports and protocols
It is unusual to have any sort of firewall between cluster peers, but if there is, the IP protocols and ports that
must be open between each and every Expressway peer in the cluster are listed below.
must be open between each and every Expressway peer in the cluster are listed below.
For cluster communications between Expressway peers:
n
UDP port 500 (ISAKMP) is used for PKI (Public Key Infrastructure) key exchange
n
Standard SIP and H.323 signaling ports are used for calls
n
UDP port 1719 is used for bandwidth updates between Expressway peers
n
IP protocol 51 (IPSec AH) is used for database synchronization
If you are using the Expressway's built-in Firewall rules feature then you must ensure that it is not
configured to drop or reject traffic sent to UDP ports 4369 – 4380.
configured to drop or reject traffic sent to UDP ports 4369 – 4380.
IPSec communications
For IPSec between Expressway cluster peers:
n
AES256 is used for encryption, SHA256 (4096 bit key length) is used for authentication; peers are identified
by their IP address and are authenticated using a pre-shared key
by their IP address and are authenticated using a pre-shared key
n
Main mode is used during the IKE exchange
n
diffie-hellman group ‘modp4096’ is used
Cisco Expressway Cluster Creation and Maintenance Deployment Guide (X8.1.1)
Page 29 of 37
Appendix 2: IP ports and protocols