Cisco Cisco Expressway Maintenance Manual

Ensuring that TURN services are disabled on Expressway-E

You must ensure that TURN services are disabled on the Expressway-E used for mobile and remote access.

1. Go to

Configuration > Traversal > TURN

2. Ensure that TURN services are Off.

Checking the status of Unified Communications services

You can check the status of the Unified Communications services on both Expressway-C and Expressway-
E.

1. Go to

Status > Unified Communications

2. Review the list and status of domains, zones and (Expressway-C only) Unified CM and IM&P servers.

Any configuration errors will be listed along with links to the relevant configuration page from where you
can address the issue.

Mobile and remote access port reference

This section summarizes the ports that need to be opened on the firewalls between your internal network
(where the Expressway-C is located) and the DMZ (where the Expressway-E is located) and between the
DMZ and the public internet.

Outbound from Expressway-C (private) to Expressway-E (DMZ)

Purpose

Protocol

Expressway-C (source)

Expressway-E (listening)

XMPP (IM and Presence)

TCP

Ephemeral port

7400

SSH (HTTP/S tunnels)

TCP

Ephemeral port

2222

Traversal zone SIP signaling

TLS

25000 to 29999

7001

Traversal zone SIP media

(for small/medium systems on X8.1 or
later)

UDP

36000 to 59999*

36000 (RTP), 36001
(RTCP) (defaults)

Traversal zone SIP media

(for large systems)

UDP

36000 to 59999*

36000 to 36011 (6 pairs of
RTP and RTCP ports for
multiplexed media
traversal)

Outbound from Expressway-E (DMZ) to public internet

Purpose

Protocol

Expressway-E (source)

Internet endpoint
(listening)

SIP media

UDP

36002 to 59999 or

36012 to 59999

>= 1024

SIP signaling

TLS

25000 to 29999

>= 1024

Cisco Expressway Administrator Guide (X8.2)

Page 63 of 378

Unified Communications

Mobile and remote access