Cisco Expressway
| Purpose | Source | Dest. | Source IP | Source port | Transport protocol | Dest. IP | Dest. port |
|---|---|---|---|---|---|---|---|
| RTP & RTCP | Endpoint | EXPe | Any | >=1024 | UDP | 192.0.2.2 | 36002 to 59999 |
| TURN server control | Endpoint | EXPe | Any | >=1024 | UDP | 192.0.2.2 | 3478 ** |
| TURN server media | Endpoint | EXPe | Any | >=1024 | UDP | 192.0.2.2 | 24000 to 29999 |

** On Large systems you can configure a range of TURN request listening ports. The default range is 3478 – 3483.
Outbound (DMZ > Internet)
If you want to restrict communications from the DMZ to the wider Internet, the following table provides
information on the outgoing IP addresses and ports required to permit the Expressway-E to provide service to
external endpoints.
| Purpose | Source | Dest. | Source IP | Source port | Transport protocol | Dest. IP | Dest. port |
|---|---|---|---|---|---|---|---|
| H.323 endpoints with public IP address | | | | | | | |
| Q.931/H.225 | EXPe | Endpoint | 192.0.2.2 | 15000 to 19999 | TCP | Any | 1720 |
| H.245 | EXPe | Endpoint | 192.0.2.2 | 15000 to 19999 | TCP | Any | >=1024 |
| RTP & RTCP | EXPe | Endpoint | 192.0.2.2 | 36000 to 59999 | UDP | Any | >=1024 |
| SIP endpoints using UDP / TCP or TLS | | | | | | | |
| SIP TCP & TLS | EXPe | Endpoint | 192.0.2.2 | 25000 to 29999 | TCP | Any | >=1024 |
| SIP UDP | EXPe | Endpoint | 192.0.2.2 | 5060 | UDP | Any | >=1024 |
| RTP & RTCP | EXPe | Endpoint | 192.0.2.2 | 36000 to 59999 | UDP | Any | >=1024 |
| TURN server media | EXPe | Endpoint | 192.0.2.2 | 24000 to 29999 | UDP | Any | >=1024 |
| Other services (as required) | | | | | | | |
| DNS | EXPe | DNS server | 192.0.2.2 | >=1024 | UDP | DNS servers | 53 |
| NTP (time sync) | EXPe | NTP server | 192.0.2.2 | 123 | UDP | NTP servers | 123 |
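An added example, not from the Cisco guide: a Python check that compares flow records from the DMZ firewall against the outbound table above and reports any flow sourced from the Expressway-E that no row permits, which is a quick way to confirm an egress policy is no wider than the table requires. The record format, the function names and the DNS and NTP server addresses are assumptions; substitute your own.

```python
import re

EXPE = "192.0.2.2"                 # Expressway-E address used in the table
DNS_SERVERS = {"198.51.100.53"}    # placeholder: substitute your resolvers
NTP_SERVERS = {"198.51.100.123"}   # placeholder: substitute your NTP servers
HIGH = (1024, 65535)               # the table's ">=1024"

# Outbound rows: (purpose, protocol, source ports, dest IPs or None=Any, dest ports)
OUTBOUND = [
    ("Q.931/H.225",       "tcp", (15000, 19999), None, (1720, 1720)),
    ("H.245",             "tcp", (15000, 19999), None, HIGH),
    ("SIP TCP & TLS",     "tcp", (25000, 29999), None, HIGH),
    ("SIP UDP",           "udp", (5060, 5060),   None, HIGH),
    ("RTP & RTCP",        "udp", (36000, 59999), None, HIGH),
    ("TURN server media", "udp", (24000, 29999), None, HIGH),
    ("DNS",               "udp", HIGH,           DNS_SERVERS, (53, 53)),
    ("NTP (time sync)",   "udp", (123, 123),     NTP_SERVERS, (123, 123)),
]

# Assumed record format: "<proto> <src-ip>:<port> -> <dst-ip>:<port>"
FLOW = re.compile(r"(tcp|udp)\s+(\S+):(\d+)\s*->\s*(\S+):(\d+)", re.I)

def classify(line):
    """Return the purpose of the table row permitting this flow, else None."""
    m = FLOW.search(line)
    if not m:
        raise ValueError(f"unparseable flow record: {line!r}")
    proto, src, sport, dst, dport = m.groups()
    proto, sport, dport = proto.lower(), int(sport), int(dport)
    if src != EXPE:
        return None                # only the Expressway-E is a listed source
    for purpose, p, (slo, shi), dests, (dlo, dhi) in OUTBOUND:
        if (p == proto and slo <= sport <= shi and dlo <= dport <= dhi
                and (dests is None or dst in dests)):
            return purpose
    return None

def audit(lines):
    """Return the records that no row of the outbound table permits."""
    return [ln for ln in lines if classify(ln) is None]

# Constructed sample records, not taken from the guide.
SAMPLE = [
    "udp 192.0.2.2:36500 -> 203.0.113.10:50000",   # RTP & RTCP
    "tcp 192.0.2.2:15010 -> 203.0.113.10:1720",    # Q.931/H.225
    "udp 192.0.2.2:40000 -> 198.51.100.53:53",     # DNS
    "tcp 192.0.2.2:44321 -> 203.0.113.80:443",     # no row: flagged
    "udp 192.0.2.2:123 -> 203.0.113.99:123",       # NTP to unlisted server: flagged
]
```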
Cisco Expressway Basic Configuration Deployment Guide (X8.2)
Appendix 3: Firewall and NAT settings