Cisco Cisco Expressway Manuale Di Manutenzione
SIP
SIP call signaling
uses the same port as
used by the initial
connection between
the client and server.
uses the same port as
used by the initial
connection between
the client and server.
Where the traversal client is an Expressway, SIP media uses Assent to
traverse the firewall.
traverse the firewall.
Table 2: Default traversal port connections (continued)
* The default media traversal port range is 36000 to 59999, and is set on the Expressway-C at
Configuration
> Traversal Subzone
. In Large Expressway systems the first 12 ports in the range – 36000 to 36011 by
default – are always reserved for multiplexed traffic. The Expressway-E listens on these ports. You cannot
configure a distinct range of demultiplex listening ports on Large systems: they always use the first 6 pairs in
the media port range. On Small/Medium systems you can explicitly specify which 2 ports listen for
multiplexed RTP/RTCP traffic, on the Expressway-E (
configure a distinct range of demultiplex listening ports on Large systems: they always use the first 6 pairs in
the media port range. On Small/Medium systems you can explicitly specify which 2 ports listen for
multiplexed RTP/RTCP traffic, on the Expressway-E (
Configuration > Traversal > Ports
). If you choose
not to configure a particular pair of ports (Use configured demultiplexing ports = No), then the
Expressway-E will listen on the first pair of ports in the media traversal port range (36000 and 36001 by
default).
Expressway-E will listen on the first pair of ports in the media traversal port range (36000 and 36001 by
default).
The call signaling ports are configured via
Configuration > Traversal > Ports
. The traversal media port
range is configured via
Configuration > Traversal Subzone
.
Configuring TURN ports
can be used by ICE-enabled SIP endpoints.
The ports used by these services are configurable via
Configuration > Traversal > TURN
.
The ICE clients on each of the SIP endpoints must be able to discover these ports, either by using SRV
records in DNS or by direct configuration.
records in DNS or by direct configuration.
Configuring ports for connections out to the public internet
In situations where the Expressway-E is attempting to connect to an endpoint on the public internet, you will
not know the exact ports on the endpoint to which the connection will be made. This is because the ports to
be used are determined by the endpoint and advised to the Expressway-E only after the server has located
the endpoint on the public internet. This may cause problems if your Expressway-E is located within a DMZ
(where there is a firewall between the Expressway-E and the public internet) as you will not be able to specify
in advance any rules that will allow you to connect out to the endpoint’s ports.
not know the exact ports on the endpoint to which the connection will be made. This is because the ports to
be used are determined by the endpoint and advised to the Expressway-E only after the server has located
the endpoint on the public internet. This may cause problems if your Expressway-E is located within a DMZ
(where there is a firewall between the Expressway-E and the public internet) as you will not be able to specify
in advance any rules that will allow you to connect out to the endpoint’s ports.
You can however specify the ports on the Expressway-E that are used for calls to and from endpoints on the
public internet so that your firewall administrator can allow connections via these ports. The ports that can be
configured for this purpose are:
public internet so that your firewall administrator can allow connections via these ports. The ports that can be
configured for this purpose are:
H.323
SIP
TURN
TCP/1720: signaling
UDP/1719: signaling
UDP/36000-59999: media*
TCP/15000-19999: signaling
TCP/5061: signaling
UDP/5060 (default): signaling
UDP/36000-59999: media*
TCP: a temporary port in the range
25000-29999 is allocated
25000-29999 is allocated
UDP/3478 (default): TURN services
**
**
UDP/24000-29999 (default range):
media
media
Table 3: Port connections out to the public internet
Cisco Expressway Administrator Guide (X8.5.2)
Page 52 of 403
Firewall traversal
Configuring ports for firewall traversal