Cisco Cisco Expressway
Purpose
Source
Dest.
Source IP Source port Transport protocol
Dest. IP
Dest. port
SIP UDP
Endpoint EXPe
Any
>=1024
UDP
192.0.2.2
5060
SIP TLS
Endpoint EXPe
Any
>=1024
TCP
192.0.2.2
5061
RTP & RTCP
Endpoint EXPe
Any
>=1024
UDP
192.0.2.2
36002 to 59999
TURN server control
Endpoint EXPe
Any
>=1024
UDP
192.0.2.2
3478 **
TURN server media
Endpoint EXPe
Any
>=1024
UDP
192.0.2.2
24000 to 29999
** On Large systems you can configure a range of TURN request listening ports. The default range is 3478 – 3483.
Outbound (DMZ > Internet)
If you want to restrict communications from the DMZ to the wider Internet, the following table provides information on the
outgoing IP addresses and ports required to permit the Expressway-E to provide service to external endpoints.
outgoing IP addresses and ports required to permit the Expressway-E to provide service to external endpoints.
Purpose
Source
Dest.
Source
IP
IP
Source port
Transport
protocol
protocol
Dest. IP
Dest.
port
port
H.323 endpoints with public IP address
Q.931/H.225
EXPe
Endpoint
192.0.2.2
15000 to 19999
TCP
Any
1720
H.245
EXPe
Endpoint
192.0.2.2
15000 to 19999
TCP
Any
>=1024
RTP & RTCP
EXPe
Endpoint
192.0.2.2
36000 to 59999
UDP
Any
>=1024
SIP endpoints using UDP / TCP or TLS
SIP TCP & TLS
EXPe
Endpoint
192.0.2.2
25000 to 29999
TCP
Any
>=1024
SIP UDP
EXPe
Endpoint
192.0.2.2
5060
UDP
Any
>=1024
RTP & RTCP
EXPe
Endpoint
192.0.2.2
36000 to 59999
UDP
Any
>=1024
TURN server
media
media
EXPe
Endpoint
192.0.2.2
24000 to 29999 UDP
Any
>=1024
Other services (as required)
DNS
EXPe
DNS
server
server
192.0.2.2
>=1024
UDP
DNS
servers
servers
53
NTP (time sync)
EXPe
NTP server
192.0.2.2
123
UDP
NTP servers
123
43
Cisco Expressway-E and Expressway-C - Basic Configuration Deployment Guide