Cisco Cisco Expressway
Purpose
Source
Dest. Source
IP
Source
port
port
Transport
protocol
protocol
Dest. IP
Dest. port
H.245
Endpoint EXPe Any
>=1024
TCP
192.0.2.2 15000 to
19999
RTP & RTCP
Endpoint EXPe Any
>=1024
UDP
192.0.2.2 36002 to
59999
SIP endpoints using UDP / TCP or TLS
SIP TCP
Endpoint EXPe Any
>=1024
TCP
192.0.2.2 5060
SIP UDP
Endpoint EXPe Any
>=1024
UDP
192.0.2.2 5060
SIP TLS
Endpoint EXPe Any
>=1024
TCP
192.0.2.2 5061
RTP & RTCP
Endpoint EXPe Any
>=1024
UDP
192.0.2.2 36002 to
59999
TURN server control
Endpoint EXPe Any
>=1024
UDP
192.0.2.2 3478 **
TURN server media
Endpoint EXPe Any
>=1024
UDP
192.0.2.2 24000 to
29999
** On Large systems you can configure a range of TURN request listening ports. The default range is 3478 –
3483.
3483.
Outbound (DMZ > Internet)
If you want to restrict communications from the DMZ to the wider Internet, the following table provides
information on the outgoing IP addresses and ports required to permit the Expressway-E to provide service to
external endpoints.
information on the outgoing IP addresses and ports required to permit the Expressway-E to provide service to
external endpoints.
Purpose
Source Dest.
Source
IP
IP
Source port
Transport
protocol
protocol
Dest. IP
Dest.
port
port
H.323 endpoints with public IP address
Q.931/H.225
EXPe
Endpoint
192.0.2.2 15000 to
19999
TCP
Any
1720
H.245
EXPe
Endpoint
192.0.2.2 15000 to
19999
TCP
Any
>=1024
RTP & RTCP
EXPe
Endpoint
192.0.2.2 36000 to
59999
UDP
Any
>=1024
SIP endpoints using UDP / TCP or TLS
SIP TCP & TLS
EXPe
Endpoint
192.0.2.2 25000 to
29999
TCP
Any
>=1024
SIP UDP
EXPe
Endpoint
192.0.2.2 5060
UDP
Any
>=1024
RTP & RTCP
EXPe
Endpoint
192.0.2.2 36000 to
59999
UDP
Any
>=1024
TURN server
media
media
EXPe
Endpoint
192.0.2.2 24000 to
29999
UDP
Any
>=1024
Other services (as required)
Cisco Expressway Basic Configuration Deployment Guide (X8.6)
Page 44 of 57
Appendix 3: Firewall and NAT settings