Cisco Cisco Expressway Maintenance Manual
Expressway-E listens for connections from the client on a specific port, you are recommended to create the traversal
server zone on the Expressway-E before you create the traversal client zone on the Expressway-C.
server zone on the Expressway-E before you create the traversal client zone on the Expressway-C.
Note that the traversal client and the traversal server must both be Expressway systems (neither can be a Cisco VCS).
H.323 Firewall Traversal Protocols
The Expressway supports two different firewall traversal protocols for H.323: Assent and H.460.18/H.460.19.
■
Assent is Cisco’s proprietary protocol.
■
H.460.18 and H.460.19 are ITU standards which define protocols for the firewall traversal of signaling and
media respectively. These standards are based on the original Assent protocol.
media respectively. These standards are based on the original Assent protocol.
A traversal server and traversal client must use the same protocol in order to communicate. The two protocols each
use a different range of ports.
use a different range of ports.
SIP Firewall Traversal Protocols
The Expressway supports the Assent protocol for SIP firewall traversal of media.
The signaling is traversed through a TCP/TLS connection established from the client to the server.
Media Demultiplexing
The Expressway-E uses media demultiplexing in the following call scenarios:
■
Any H.323 or SIP call leg to/from an Expressway-C through a traversal zone configured to use Assent.
■
Any H.323 call leg to/from an Expressway-C through a traversal server zone configured to use H460.19 in
demultiplexing mode
demultiplexing mode
■
H.323 call legs between an Expressway-E and an Assent or H.460.19 enabled endpoint
The Expressway-E uses non-demultiplexed media for call legs directly to/from SIP endpoints (that is endpoints which
do not support Assent or H.460.19), or if the traversal server zone is not configured to use H.460.19 in demultiplexing
mode.
do not support Assent or H.460.19), or if the traversal server zone is not configured to use H.460.19 in demultiplexing
mode.
Media demultiplexing ports on the Expressway-E are allocated from the general range of traversal media ports. This
applies to all RTP/RTCP media, regardless of whether it is H.323 or SIP. The default media traversal port range is
36000 to 59999, and is set on the Expressway-C at Configuration > Traversal Subzone. In Large Expressway
systems the first 12 ports in the range – 36000 to 36011 by default – are always reserved for multiplexed traffic. The
Expressway-E listens on these ports. You cannot configure a distinct range of demultiplex listening ports on Large
systems: they always use the first 6 pairs in the media port range. On Small/Medium systems you can explicitly
specify which 2 ports listen for multiplexed RTP/RTCP traffic, on the Expressway-E (Configuration > Traversal
> Ports). If you choose not to configure a particular pair of ports (Use configured demultiplexing ports = No), then
the Expressway-E will listen on the first pair of ports in the media traversal port range (36000 and 36001 by default).
applies to all RTP/RTCP media, regardless of whether it is H.323 or SIP. The default media traversal port range is
36000 to 59999, and is set on the Expressway-C at Configuration > Traversal Subzone. In Large Expressway
systems the first 12 ports in the range – 36000 to 36011 by default – are always reserved for multiplexed traffic. The
Expressway-E listens on these ports. You cannot configure a distinct range of demultiplex listening ports on Large
systems: they always use the first 6 pairs in the media port range. On Small/Medium systems you can explicitly
specify which 2 ports listen for multiplexed RTP/RTCP traffic, on the Expressway-E (Configuration > Traversal
> Ports). If you choose not to configure a particular pair of ports (Use configured demultiplexing ports = No), then
the Expressway-E will listen on the first pair of ports in the media traversal port range (36000 and 36001 by default).
For example, in a SIP call from within an enterprise to an endpoint at home through an Expressway-C/Expressway-E
pair, the only demultiplexing that would occur would be on the Expressway-E ports facing the Expressway-C:
pair, the only demultiplexing that would occur would be on the Expressway-E ports facing the Expressway-C:
Enterprise
endpoint
endpoint
Expressway-C
Expressway-E
Home
endpoint
endpoint
Non-
demuxed
Non-
demuxed
demuxed
Demuxed
Non-
demuxed
demuxed
RTP ports
36002 36004
36000 36002
RTCP ports
36003 36005
36001 36003
However, an H.323 call from within an enterprise to an Assent capable H.323 endpoint at home through the same
Expressway-C/Expressway-E would perform demultiplexing on both sides of the Expressway-E:
Expressway-C/Expressway-E would perform demultiplexing on both sides of the Expressway-E:
47
Cisco Expressway Administrator Guide
Firewall Traversal