Cisco Cisco TelePresence Video Communication Server Expressway
19
H.323 call with endpoint supporting H460.18 / 19
multiplexed media
multiplexed media
VCS Expressway
server (listening) port
Firewall
source port
Call direction
Inbound from or outbound to an
endpoint in the Internet behind a firewall
Open firewall
Internet to DMZ
IP address
IP address of
VCS Expressway
Any IP address
IP Po
rt
s
Initial RAS
connection
connection
UDP R
E
1719
UDP Q
>=1024
Q 931 / H.225
signaling
signaling
TCP M
1720
TCP Q
>=1024
H.245
TCP U
2777
TCP Q
>=1024
RTP
UDP V
2776
UDP N
>=1024
RTCP
UDP W
2777
UDP N
>=1024
public
Internet
R
E
= Protocols > H.323 > Gatekeeper Registration > UDP port, default = 1719
Q =Egress IP port from far end non-H.323 aware firewall: any port >= 1024
M = Protocols > H.323 Call signaling TCP port: default = 1720
U = VCS Expressway > Ports > H.323 H.460.18 call signaling port: default = 2777
V = VCS Expressway > Ports > Media demultiplexing RTP port: default = 2776
W = VCS Expressway > Ports > Media demultiplexing RTCP port: default = 2777
N = Egress IP port of media from far end non-H.323 aware firewall: any port >= 1024
VCS Control
VCS Expressway
DMZ
For calls made from the VCS Expressway to the endpoint:
1. VCS Expressway sends a message to the endpoint using the
return path of the established RAS (registration) connection
2. The endpoint then makes a TCP connection out through its
firewall to the VCS Expressway (port M - 1720 must be open
on the firewall local to the VCS Expressway)
on the firewall local to the VCS Expressway)
3. Any further connections required (e.g. H.245) are requested by
the VCS Expressway over the established TCP connection,
and the endpoint initiates them (to port U - 2777)
and the endpoint initiates them (to port U - 2777)