Cisco Cisco TelePresence Video Communication Server Expressway
Appendix 2: IP Ports and Protocols
External firewalls between peers
It is unusual to have any sort of external firewall between cluster peers, but if there is, the IP protocols and ports that must
be open between each and every VCS peer in the cluster are listed below.
be open between each and every VCS peer in the cluster are listed below.
For cluster communications between VCS peers:
■
UDP port 500 (ISAKMP) is used for PKI (Public Key Infrastructure) key exchange
■
IP protocol 51 (IPSec AH) is used for database synchronization
For calls between VCS peers:
■
Standard SIP and H.323 signaling ports are used for calls
■
UDP port 1719 is used for bandwidth updates between VCS peers
Firewall rules on the peers
(This section does not apply to external firewalls)
If you are using the VCS's built-in Firewall rules feature, make sure that your rules do not prevent the following
connections:
connections:
Purpose
Protocol
Source
Port
Destination
Port
Cluster communication
TCP
Other peers
Ephemeral
This peer
4369-4380
Cluster recovery
UDP
Other peers
Ephemeral
This peer
4371
Table 1 Clustering connections
Cisco TelePresence Management Suite Provisioning Extension
For cluster communications between VCS peers and a Cisco TMS when running in Provisioning Extension mode:
■
VCS ephemeral port to port 443 on Cisco TMS (secure) or
■
VCS ephemeral port to port 80 on Cisco TMS
Note:
Ports 443 and 80 are the default values; they can be configured in the Cisco TMS IIS, and VCS if different
ports are required.
IPSec Communications
For IPSec between VCS cluster peers:
■
AES256 is used for encryption, SHA256 (4096 bit key length) is used for authentication; peers are identified by
their IP address and are authenticated using a pre-shared key
their IP address and are authenticated using a pre-shared key
■
Main mode is used during the IKE exchange
■
diffie-hellman group ‘modp4096’ is used
MTU Size
The default MTU size on the VCS is 1500 bytes. Under normal conditions this has no effect on the cluster. However, if
there are network elements between the cluster peers (which is not recommended), you must ensure consistent
there are network elements between the cluster peers (which is not recommended), you must ensure consistent
32
Cisco TelePresence VCS Cluster Creation and Maintenance Deployment Guide