Cisco Cisco TelePresence Video Communication Server Expressway
10
SIP call to endpoint behind non SIP-aware firewall
public
Internet
VCS Expressway
source port
Internet endpoint
server (listening) port
VCS Expressway
server (listening) port
Internet endpoint
source port
Call direction
Outbound to an endpoint behind a
firewall
Inbound from an endpoint behind a
firewall
Open firewall
DMZ to Internet
Internet to DMZ
IP address
IP address of
VCS Expressway
Any IP address
IP address of
VCS Expressway
Any IP address
IP Po
rt
s
SIP signaling
UDP C
5060
TCP & TLS A
25000 to 29999
UDP & TCP &
TLS F
5060 or >= 1024
UDP: C
5060
TCP: K
5060
TLS: L
5061
UDP, TCP & TLS:
Q
>= 1024
RTP
UDP Y
E
50000 to 52399
UDP N
>= 1024
UDP Y
E
50000 to 52399
UDP N
>= 1024
RTCP
UDP Y
E
50000 to 52399
UDP N
>= 1024
UDP Y
E
50000 to 52399
UDP N
>= 1024
C = Protocols > SIP > Configuration > UDP
port: default = 5060
A = Protocols > SIP > Configuration > TCP
Outbound port start to end: default =
25000 to 29999
25000 to 29999
F = defined by endpoint’s registration (or if
call is to a non registered endpoint, IP port
is defined by DNS lookup) any port >=
1024, often 5060 for UDP
is defined by DNS lookup) any port >=
1024, often 5060 for UDP
K = Protocols > SIP > Configuration > TCP
port: default = 5060
L = Protocols > SIP > Configuration > TLS
port: default =5061
Q = Egress IP port from far end non-NAT
aware firewall: any port >= 1024
Y
E
= Local Zone > Traversal Subzone >
Traversal Media port start to end
(configured on VCS Expressway): default
= 50000 to 52399
(configured on VCS Expressway): default
= 50000 to 52399
N = VCS waits until it receives media, then it
sends its media to the IP port from which
the media was received (egress port of
the media from the far end non SIP-aware
firewall): any port >= 1024
the media was received (egress port of
the media from the far end non SIP-aware
firewall): any port >= 1024
VCS Control
VCS Expressway
DMZ