Cisco Cisco Expressway Maintenance Manual
n
Assent is Cisco’s proprietary protocol.
n
H.460.18 and H.460.19 are ITU standards which define protocols for the firewall traversal of signaling and
media respectively. These standards are based on the original Assent protocol.
media respectively. These standards are based on the original Assent protocol.
A traversal server and traversal client must use the same protocol in order to communicate. The two
protocols each use a different range of ports.
protocols each use a different range of ports.
SIP firewall traversal protocols
The Expressway supports the Assent protocol for SIP firewall traversal of media.
The signaling is traversed through a TCP/TLS connection established from the client to the server.
Media demultiplexing
The Expressway-E uses media demultiplexing in the following call scenarios:
n
Any H.323 or SIP call leg to/from an Expressway-C through a traversal zone configured to use Assent.
n
Any H.323 call leg to/from an Expressway-C through a traversal server zone configured to use H460.19 in
demultiplexing mode
demultiplexing mode
n
H.323 call legs between an Expressway-E and an Assent or H.460.19 enabled endpoint
The Expressway-E uses non-demultiplexed media for call legs directly to/from SIP endpoints (that is
endpoints which do not support Assent or H.460.19), or if the traversal server zone is not configured to use
H.460.19 in demultiplexing mode.
endpoints which do not support Assent or H.460.19), or if the traversal server zone is not configured to use
H.460.19 in demultiplexing mode.
Media demultiplexing ports on the Expressway-E are allocated from the general range of traversal media
ports. This applies to all RTP/RTCP media, regardless of whether it is H.323 or SIP. The default media port
range is 36000 to 59999. The first 2 ports in the range are used for multiplexed traffic only (with Large VM
deployments the first 12 ports in the range – 36000 to 36011 – are used).
ports. This applies to all RTP/RTCP media, regardless of whether it is H.323 or SIP. The default media port
range is 36000 to 59999. The first 2 ports in the range are used for multiplexed traffic only (with Large VM
deployments the first 12 ports in the range – 36000 to 36011 – are used).
For example, in a SIP call from within an enterprise to an endpoint at home through an Expressway-
C/Expressway-E pair, the only demultiplexing that would occur would be on the Expressway-E ports facing
the Expressway-C:
C/Expressway-E pair, the only demultiplexing that would occur would be on the Expressway-E ports facing
the Expressway-C:
Enterprise
endpoint
endpoint
Expressway-C
Expressway-E
Home
endpoint
endpoint
Non-
demuxed
Non-
demuxed
demuxed
Demuxed Non-
demuxed
RTP ports
36002 36004
36000 36002
RTCP ports
36003 36005
36001 36003
However, an H.323 call from within an enterprise to an Assent capable H.323 endpoint at home through the
same Expressway-C/Expressway-E would perform demultiplexing on both sides of the Expressway-E:
same Expressway-C/Expressway-E would perform demultiplexing on both sides of the Expressway-E:
Enterprise
endpoint
endpoint
Expressway-C
Expressway-E
Home
endpoint
endpoint
Non-
demuxed
Non-
demuxed
demuxed
Demuxed Demuxed
RTP ports
36002 36004
36000 36000
RTCP ports
36003 36005
36001 36001
Cisco Expressway Administrator Guide (X8.1)
Page 42 of 344
Firewall traversal
About firewall traversal