Cisco Cisco Expressway Manuel De Maintenance
Outbound from Expressway-E (DMZ) to public internet
Purpose
Protocol
Expressway-E (source)
Internet endpoint
(listening)
(listening)
SIP media
UDP
36002 to 59999 or
36012 to 59999
>= 1024
SIP signaling
TLS
25000 to 29999
>= 1024
Inbound from public internet to Expressway-E (DMZ)
Purpose
Protocol
Internet endpoint (source)
Expressway-E (listening)
XMPP (IM and Presence)
TCP
>= 1024
5222
HTTP proxy (UDS)
TCP
>= 1024
8443
Media
UDP
>= 1024
36002 to 59999 or
36012 to 59999*
SIP signaling
TLS
>= 1024
5061
HTTPS (only required for external
administrative access, which is
strongly discouraged)
administrative access, which is
strongly discouraged)
TCP
>= 1024
443
From Expressway-C to Internal Infrastructure and Endpoints
Purpose
Protocol
Expressway-C (source)
Internal Device Port/Range
XMPP (IM and Presence)
TCP
Ephemeral port
7400 (IM and Presence)
HTTP proxy (UDS)
TCP
Ephemeral port
8443 (Unified CM)
HTTP proxy (SOAP)
TCP
Ephemeral port
8443 (IM and Presence
Service)
Service)
HTTP (configuration file retrieval)
TCP
Ephemeral port
6970 (Unified CM)
CUC (voicemail)
TCP
Ephemeral port
443 (Unity Connection)
Message Waiting Indicator (MWI) from
Unity Connection
Unity Connection
TCP
Ephemeral port
7080 (Unity Connection)
Media
UDP
36000 to 59999*
>= 1024 (Media recipient
eg. endpoint)
eg. endpoint)
SIP signaling
TCP
25000 to 29999
5060 (Unified CM)
Secure SIP signaling
TLS
25000 to 29999
5061 (Unified CM)
* The default media traversal port range is 36000 to 59999, and is set on the Expressway-C at Configuration
> Traversal Subzone. In Large Expressway systems the first 12 ports in the range – 36000 to 36011 by default – are
always reserved for multiplexed traffic. The Expressway-E listens on these ports. You cannot configure a distinct
range of demultiplex listening ports on Large systems: they always use the first 6 pairs in the media port range. On
Small/Medium systems you can explicitly specify which 2 ports listen for multiplexed RTP/RTCP traffic, on the
Expressway-E (Configuration > Traversal > Ports). If you choose not to configure a particular pair of ports (Use
configured demultiplexing ports = No), then the Expressway-E will listen on the first pair of ports in the media
traversal port range (36000 and 36001 by default).
> Traversal Subzone. In Large Expressway systems the first 12 ports in the range – 36000 to 36011 by default – are
always reserved for multiplexed traffic. The Expressway-E listens on these ports. You cannot configure a distinct
range of demultiplex listening ports on Large systems: they always use the first 6 pairs in the media port range. On
Small/Medium systems you can explicitly specify which 2 ports listen for multiplexed RTP/RTCP traffic, on the
Expressway-E (Configuration > Traversal > Ports). If you choose not to configure a particular pair of ports (Use
configured demultiplexing ports = No), then the Expressway-E will listen on the first pair of ports in the media
traversal port range (36000 and 36001 by default).
260
Cisco Expressway Administrator Guide