Cisco Cisco TelePresence Video Communication Server Expressway
Purpose
Source
Dest.
Source
IP
IP
Source
port
port
Transport
protocol
protocol
Dest. IP
Dest. port
SIP UDP
Endpoint VCSe Any
>=1024
UDP
192.0.2.2 5060
SIP TLS
Endpoint VCSe Any
>=1024
TCP
192.0.2.2 5061
RTP & RTCP
Endpoint VCSe Any
>=1024
UDP
192.0.2.2 36002 to 59999
TURN server control
Endpoint VCSe Any
>=1024
UDP
192.0.2.2 3478 **
TURN server media
Endpoint VCSe Any
>=1024
UDP
192.0.2.2 24000 to 29999
**
** On Large VM server deployments you can configure a range of TURN request listening ports. The default
range is 3478 – 3483. The default TURN relay media port range of 24000 – 29999 applies to new installations
of X8.1 or later. The previous default range of 60000 – 61799 still applies to earlier releases that have
upgraded to X8.1.
range is 3478 – 3483. The default TURN relay media port range of 24000 – 29999 applies to new installations
of X8.1 or later. The previous default range of 60000 – 61799 still applies to earlier releases that have
upgraded to X8.1.
Outbound (DMZ > Internet)
If you want to restrict communications from the DMZ to the wider Internet, the following table provides
information on the outgoing IP addresses and ports required to permit the VCS Expressway to provide
service to external endpoints.
information on the outgoing IP addresses and ports required to permit the VCS Expressway to provide
service to external endpoints.
Purpose
Source Dest.
Source
IP
IP
Source port
Transport
protocol
protocol
Dest. IP
Dest.
port
port
H.323 endpoints registering with public IP address
RAS
VCSe
Endpoint
192.0.2.2 >=1024
UDP
Any
1719
Q.931/H.225
VCSe
Endpoint
192.0.2.2 15000 to 19999
TCP
Any
1720
H.245
VCSe
Endpoint
192.0.2.2 15000 to 19999
TCP
Any
>=1024
RTP & RTCP
VCSe
Endpoint
192.0.2.2 36000 to 59999
UDP
Any
>=1024
SIP endpoints registering using UDP / TCP or TLS
SIP TCP & TLS
VCSe
Endpoint
192.0.2.2 25000 to 29999
TCP
Any
>=1024
SIP UDP
VCSe
Endpoint
192.0.2.2 5060
UDP
Any
>=1024
RTP & RTCP
VCSe
Endpoint
192.0.2.2 36000 to 59999
UDP
Any
>=1024
TURN server
media
media
VCSe
Endpoint
192.0.2.2 24000 to 29999
**
UDP
Any
>=1024
Other services (as required)
DNS
VCSe
DNS
server
server
192.0.2.2 >=1024
UDP
DNS
servers
servers
53
NTP (time sync)
VCSe
NTP
server
server
192.0.2.2 123
UDP
NTP
servers
servers
123
It is assumed that remote H.323 devices are registering using the Assent protocol. If the devices are
registering using H.460 18/19, see VCS IP Port Usage for Firewall Traversal Deployment Guide or VCS
Administrator Guide for port usage information.
registering using H.460 18/19, see VCS IP Port Usage for Firewall Traversal Deployment Guide or VCS
Administrator Guide for port usage information.
Cisco VCS Basic Configuration (Control with Expressway) Deployment Guide
Page 53 of 65
Appendix 3: Firewall and NAT settings