Cisco Expressway
SIP call to endpoint behind non SIP-aware firewall
| | Expressway-E source port | Internet endpoint server (listening) port | Expressway-E listening port | Internet endpoint source port |
|---|---|---|---|---|
| Call direction | Outbound to an endpoint behind a firewall | Outbound to an endpoint behind a firewall | Inbound from an endpoint behind a firewall | Inbound from an endpoint behind a firewall |
| Open firewall | DMZ to Internet | DMZ to Internet | Internet to DMZ | Internet to DMZ |
| IP address | IP address of Expressway-E | Any IP address | IP address of Expressway-E | Any IP address |
| IP Ports | | | | |
| SIP signaling | UDP (C): 5060; TCP & TLS (A): 25000 to 29999 | UDP & TCP & TLS (F): 5060 or >= 1024 | UDP (C): 5060; TCP (K): 5060; TLS (L): 5061 | UDP, TCP & TLS (Q): >= 1024 |
| RTP | UDP (Y_E): 36002 to 59999 * | UDP (N): >= 1024 | UDP (Y_E): 36002 to 59999 * | UDP (N): >= 1024 |
| RTCP | UDP (Y_E): 36002 to 59999 * | UDP (N): >= 1024 | UDP (Y_E): 36002 to 59999 * | UDP (N): >= 1024 |
C = Protocols > SIP > UDP port: default = 5060
A = Protocols > SIP > TCP Outbound port start to end: default = 25000 to 29999
F = IP port is defined by DNS lookup; any port >= 1024, often 5060 for UDP
K = Protocols > SIP > TCP port: default = 5060
L = Protocols > SIP > TLS port: default = 5061
Q = Egress IP port from far end non-NAT aware firewall: any port >= 1024
Y_E = Local Zone > Traversal Subzone > Traversal Media port start to end (configured on Expressway-E): default = 36000 to 59999 *
N = Expressway waits until it receives media, then it sends its media to the IP port from which the media was received (egress port of the media from the far end non SIP-aware firewall): any port >= 1024
* The first 2 ports in the range are used for multiplexed traffic only (with Large VM deployments the first 12 ports in the range – 36000 to 36011 – are used).
[Diagram labels: Internet, Expressway-C, Expressway-E, DMZ]
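One way to check an external firewall's Internet-to-DMZ allow rules against the default Expressway-E listening ports in the port table above, as an added example that is not from Cisco's guide. The rule tuple format (protocol, first port, last port) and the sample rule set are constructed for illustration, and source-port conditions are not modelled.

```python
# Added example: audit Internet-to-DMZ allow rules against the default
# Expressway-E listening ports in the table (C, K, L, Y_E).
# Rule format (protocol, first_port, last_port) is constructed for illustration.

# (label, protocol, first port, last port), defaults as listed on the page.
LISTED = [
    ("SIP UDP (C)", "udp", 5060, 5060),
    ("SIP TCP (K)", "tcp", 5060, 5060),
    ("SIP TLS (L)", "tcp", 5061, 5061),       # TLS rides on TCP
    ("RTP/RTCP (Y_E)", "udp", 36002, 59999),
]

def covered(proto, lo, hi, rules):
    """True if the union of same-protocol rules allows every port lo..hi."""
    need = lo
    for r_lo, r_hi in sorted((a, b) for p, a, b in rules if p == proto):
        if r_lo > need:          # gap before the next rule starts
            break
        need = max(need, r_hi + 1)
    return need > hi

def unlisted(rule):
    """Port ranges a rule opens that the table does not list for its protocol."""
    proto, lo, hi = rule
    gaps, cur = [], lo
    for _, p, a, b in sorted(LISTED, key=lambda e: e[2]):
        if p != proto or b < cur or a > hi:
            continue
        if a > cur:
            gaps.append((cur, a - 1))
        cur = b + 1
    if cur <= hi:
        gaps.append((cur, hi))
    return gaps

def audit(rules):
    """Return (listed flows not fully allowed, {rule: unlisted ranges})."""
    missing = [n for n, p, a, b in LISTED if not covered(p, a, b, rules)]
    extra = {r: g for r in rules if (g := unlisted(r))}
    return missing, extra

# Constructed rule set: signaling is exact, media rule is far too wide.
SAMPLE = [("udp", 5060, 5060), ("tcp", 5060, 5061), ("udp", 1024, 65535)]

if __name__ == "__main__":
    missing, extra = audit(SAMPLE)
    print("not allowed:", missing)
    for rule, ranges in extra.items():
        print("review", rule, "also opens", ranges)
```

A rule that opens the full 36000 to 59999 media range is reported with 36000 to 36001 as unlisted, because this table lists 36002 to 59999 and the footnote reserves the first ports for multiplexed traffic. If the port defaults have been changed on the Expressway-E, edit `LISTED` to match before auditing.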