Cisco Cisco TelePresence Video Communication Server Expressway
Purpose
Source
Dest.
Source
IP
IP
Source
port
port
Transport
protocol
protocol
Dest. IP
Dest. port
RAS
Endpoint VCSe Any
1719
UDP
192.0.2.2 1719
Q.931/H.225
Endpoint VCSe Any
>=1024
TCP
192.0.2.2 1720
H.245
Endpoint VCSe Any
>=1024
TCP
192.0.2.2 15000 to 19999
RTP & RTCP
Endpoint VCSe Any
>=1024
UDP
192.0.2.2 36002 to 59999
SIP endpoints registering using UDP / TCP or TLS
SIP TCP
Endpoint VCSe Any
>=1024
TCP
192.0.2.2 5060
SIP UDP
Endpoint VCSe Any
>=1024
UDP
192.0.2.2 5060
SIP TLS
Endpoint VCSe Any
>=1024
TCP
192.0.2.2 5061
RTP & RTCP
Endpoint VCSe Any
>=1024
UDP
192.0.2.2 36002 to 59999
TURN server control
Endpoint VCSe Any
>=1024
UDP
192.0.2.2 3478 **
TURN server media
Endpoint VCSe Any
>=1024
UDP
192.0.2.2 24000 to 29999
**
** On Large systems you can configure a range of TURN request listening ports. The default range is 3478 –
3483. The default TURN relay media port range of 24000 – 29999 applies to new installations of X8.1 or later.
The previous default range of 60000 – 61799 still applies to earlier releases that have upgraded to X8.1.
3483. The default TURN relay media port range of 24000 – 29999 applies to new installations of X8.1 or later.
The previous default range of 60000 – 61799 still applies to earlier releases that have upgraded to X8.1.
Outbound (DMZ > Internet)
If you want to restrict communications from the DMZ to the wider Internet, the following table provides
information on the outgoing IP addresses and ports required to permit the VCS Expressway to provide
service to external endpoints.
information on the outgoing IP addresses and ports required to permit the VCS Expressway to provide
service to external endpoints.
Purpose
Source Dest.
Source
IP
IP
Source port
Transport
protocol
protocol
Dest. IP
Dest.
port
port
H.323 endpoints registering with public IP address
RAS
VCSe
Endpoint
192.0.2.2 >=1024
UDP
Any
1719
Q.931/H.225
VCSe
Endpoint
192.0.2.2 15000 to 19999
TCP
Any
1720
H.245
VCSe
Endpoint
192.0.2.2 15000 to 19999
TCP
Any
>=1024
RTP & RTCP
VCSe
Endpoint
192.0.2.2 36000 to 59999
UDP
Any
>=1024
SIP endpoints registering using UDP / TCP or TLS
SIP TCP & TLS
VCSe
Endpoint
192.0.2.2 25000 to 29999
TCP
Any
>=1024
SIP UDP
VCSe
Endpoint
192.0.2.2 5060
UDP
Any
>=1024
RTP & RTCP
VCSe
Endpoint
192.0.2.2 36000 to 59999
UDP
Any
>=1024
TURN server
media
media
VCSe
Endpoint
192.0.2.2 24000 to 29999
**
UDP
Any
>=1024
Other services (as required)
DNS
VCSe
DNS
server
server
192.0.2.2 >=1024
UDP
DNS
servers
servers
53
Cisco TelePresence Video Communication Server Basic Configuration (Control with Expressway) Deploy-
ment Guide (X8.5)
ment Guide (X8.5)
Page 53 of 66
Appendix 3: Firewall and NAT settings