Cisco Cisco Expressway Maintenance Manual
Note that:
■ Ports 8191/8192 TCP and 8883/8884 TCP are used internally within the Expressway-C and the Expressway-E applications. Therefore these ports must not be allocated for any other purpose. The Expressway-E listens externally on port 8883; therefore we recommend that you create custom firewall rules on the external LAN interface to drop TCP traffic on that port.
■ The Expressway-E listens on port 2222 for SSH tunnel traffic. The only legitimate sender of such traffic is the Expressway-C (cluster). Therefore we recommend that you create the following firewall rules for the SSH tunnels service:
  — one or more rules to allow all of the Expressway-C peer addresses (via the internal LAN interface, if appropriate)
  — followed by a lower priority (higher number) rule that drops all traffic for the SSH tunnels service (on the internal LAN interface if appropriate, and if so, another rule to drop all traffic on the external interface)
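The following added example (not taken from the Cisco guide) models the rule ordering recommended above and audits a rule set for ports 2222 and 8883. The `Rule` fields, the interface names `LAN1`/`LAN2`, the first-match evaluation and all addresses are assumptions made for illustration; it assumes a dual-interface Expressway-E.

```python
# Simplified model of priority-ordered firewall rules. Field names, interface
# names and first-match semantics are assumptions, not the Expressway's engine.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    priority: int   # lower number is evaluated first
    interface: str  # "LAN1" internal, "LAN2" external (assumed names)
    source: str     # source CIDR the rule applies to
    port: int       # TCP destination port
    action: str     # "allow" or "drop"

def decide(rules, interface, src, port, default="allow"):
    """Return the action of the first matching rule in priority order."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.interface == interface and r.port == port
                and ip_address(src) in ip_network(r.source)):
            return r.action
    return default  # nothing matched: traffic is not filtered

def audit(rules, peers, internal="LAN1", external="LAN2"):
    """Compare a rule set with the recommendations above; return findings."""
    findings = []
    outsider = "203.0.113.50"  # constructed non-peer address (TEST-NET-3)
    for peer in peers:
        if decide(rules, internal, peer, 2222) != "allow":
            findings.append(f"Expressway-C peer {peer} cannot reach 2222")
    for iface in (internal, external):
        if decide(rules, iface, outsider, 2222) != "drop":
            findings.append(f"non-peer traffic to 2222 not dropped on {iface}")
    if decide(rules, external, outsider, 8883) != "drop":
        findings.append(f"TCP 8883 not dropped on {external}")
    return findings

PEERS = ["10.0.10.11", "10.0.10.12"]  # constructed Expressway-C peer addresses
GOOD = [
    Rule(1, "LAN1", "10.0.10.11/32", 2222, "allow"),
    Rule(2, "LAN1", "10.0.10.12/32", 2222, "allow"),
    Rule(10, "LAN1", "0.0.0.0/0", 2222, "drop"),
    Rule(11, "LAN2", "0.0.0.0/0", 2222, "drop"),
    Rule(12, "LAN2", "0.0.0.0/0", 8883, "drop"),
]
# Misordered: the catch-all drop outranks the second peer; no rule for 8883.
BAD = [GOOD[0], Rule(2, "LAN1", "0.0.0.0/0", 2222, "drop"),
       Rule(3, "LAN1", "10.0.10.12/32", 2222, "allow"), GOOD[3]]

if __name__ == "__main__":
    print(audit(GOOD, PEERS), audit(BAD, PEERS))
```

The misordered set shows why the drop rule must carry a higher number than every peer allow rule: a peer whose allow rule sorts after the drop loses its SSH tunnel.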
Microsoft Lync B2BUA Port Reference
The port numbers listed below are the default port values. The values used in a real deployment may vary if they have been modified, for example, by changes of registry settings or through group policy, on Lync and Lync client, or configuration on Expressway (Applications > B2BUA).
| Purpose | Protocol | B2BUA IP port | Lync IP port |
|---|---|---|---|
| Signaling to Lync Server | TLS | 65072 | 5061 (Lync signaling destination port) |
| Signaling from Lync Server | TLS | 65072 | Lync ephemeral port |
| Media (The Lync B2BUA application should run on a separate "Gateway" Expressway and so this range should not conflict with the standard traversal media port range). Note: The Expressway does not forward DSCP information that it receives in media streams. | UDP | 56000 to 57000. Each call can use up to 18 ports if you Enable RDP Transcoding for this B2BUA. Increase this range if you see "Media port pool exhausted" warnings. | Lync client media ports |
| Desktop shares from Lync clients to B2BUA | TCP | 56000 to 57000 | Lync client RDP ports |

Table 13 Between B2BUA and Lync

| Purpose | Protocol | B2BUA port | Expressway IP port |
|---|---|---|---|
| Internal communications with Expressway application | TLS | 65070 | SIP TCP outbound port on Expressway |
| Transcoded desktop shares from B2BUA to internal recipients | UDP | 56000 to 57000 | Recipient of media is dependent on deployment and called alias; e.g. endpoint, TelePresence Server, Expressway-C |

Table 14 Between B2BUA and Internal Video Network
Cisco Expressway Administrator Guide