Cisco TelePresence Video Communication Server Expressway
Appendix 3: IP ports and protocols
It is unusual to have any sort of firewall between cluster peers, but if there is one, the IP protocols and ports listed below must be open between each and every VCS peer in the cluster.
For cluster communications between VCS peers:
- UDP port 500 (ISAKMP/IKE) is used for the IPsec key exchange between peers (authentication is by pre-shared key, see "IPSec communications" below; ISAKMP is not a PKI protocol)
- Standard SIP and H.323 signaling ports are used for calls
- UDP port 1719 (H.323 RAS) is used for bandwidth updates between VCS peers
- IP protocol 51 (IPsec AH) is used for database synchronization
- UDP ephemeral ports are used for cluster management
If you are using the VCS's built-in Firewall rules feature, make sure it is not configured to drop or reject traffic sent to UDP ports 4369 to 4380. Because a broad drop rule can silently cover this range, check each rule's port range against it rather than relying on the rule's description. If you filter by IP protocol number, also check that protocol 51 (AH) is permitted in both directions between every pair of peers.
For communications between VCS peers and a Cisco TMS when running in Provisioning Extension mode:
- VCS ephemeral port to TCP port 443 on Cisco TMS (secure), or
- VCS ephemeral port to TCP port 80 on Cisco TMS
Note that ports 443 and 80 are the default values; they can be configured in the Cisco TMS IIS, and on the VCS, if different ports are required.
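The following is an added example, not part of the deployment guide or of Cisco's own tooling. It encodes the peer-to-peer flows listed above (and the VCS-to-TMS flows for Provisioning Extension mode) and audits a candidate first-match firewall policy against them, reporting exactly which destination ports a drop or reject rule would swallow. The SIP and H.323 signaling ports (UDP/TCP 5060, TLS 5061, TCP 1720) are the protocol defaults and are an assumption, since the page only says "standard ports"; first-match-wins evaluation with an implicit accept when nothing matches is also an assumption about the firewall being modelled. The sample policy is constructed to show the page's own warning: a broad UDP drop that happens to cover 4369 to 4380.

```python
"""Audit a first-match firewall policy against the flows a VCS cluster needs."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PortRange = Optional[Tuple[int, int]]   # None for port-less protocols such as AH


@dataclass(frozen=True)
class Flow:
    name: str
    proto: str          # "udp", "tcp" or "ah" (IP protocol 51)
    ports: PortRange    # inclusive destination port range, None for AH


@dataclass(frozen=True)
class Rule:
    action: str         # "accept", "drop" or "reject"
    proto: str          # "udp", "tcp", "ah" or "any"
    ports: PortRange    # None matches every port of the protocol


# Flows between cluster peers, from the page. The SIP/H.323 signaling
# ports are protocol defaults and are an assumption (page: "standard ports").
PEER_FLOWS = [
    Flow("IKE/ISAKMP key exchange", "udp", (500, 500)),
    Flow("IPsec AH database synchronization", "ah", None),
    Flow("H.323 RAS bandwidth updates", "udp", (1719, 1719)),
    Flow("cluster management", "udp", (4369, 4380)),
    Flow("SIP signaling UDP 5060 (assumed default)", "udp", (5060, 5060)),
    Flow("SIP signaling TCP 5060 / TLS 5061 (assumed default)", "tcp", (5060, 5061)),
    Flow("H.323 call signaling TCP 1720 (assumed default)", "tcp", (1720, 1720)),
]
# Flows from a VCS to Cisco TMS in Provisioning Extension mode (default ports).
TMS_FLOWS = [
    Flow("VCS to TMS Provisioning Extension (HTTPS)", "tcp", (443, 443)),
    Flow("VCS to TMS Provisioning Extension (HTTP)", "tcp", (80, 80)),
]


def first_match(rules: List[Rule], proto: str, port: Optional[int]) -> Optional[Rule]:
    """First rule whose protocol and port range cover the packet (first match wins)."""
    for rule in rules:
        if rule.proto not in ("any", proto):
            continue
        if rule.ports is not None:
            # A port-qualified rule cannot match a port-less protocol such as AH.
            if port is None or not (rule.ports[0] <= port <= rule.ports[1]):
                continue
        return rule
    return None


def blocked_ports(rules: List[Rule], flow: Flow) -> List[Optional[int]]:
    """Ports of `flow` the policy drops or rejects; [None] for a blocked
    port-less flow. No matching rule is treated as accept (assumption)."""
    candidates = [None] if flow.ports is None else range(flow.ports[0], flow.ports[1] + 1)
    blocked = []
    for port in candidates:
        rule = first_match(rules, flow.proto, port)
        if rule is not None and rule.action in ("drop", "reject"):
            blocked.append(port)
    return blocked


def audit(rules: List[Rule], flows: List[Flow]) -> Dict[str, List[Optional[int]]]:
    """Map each required flow to the ports the policy blocks; empty dict means OK."""
    return {f.name: blocked_ports(rules, f) for f in flows if blocked_ports(rules, f)}


def allow_rules(flows: List[Flow]) -> List[Rule]:
    """Explicit accept rules for the required flows; place them ahead of any
    drop/reject so first-match ordering cannot swallow cluster traffic."""
    return [Rule("accept", f.proto, f.ports) for f in flows]


# Constructed sample: a broad UDP drop meant for other services also covers
# 4369-4380, and AH is rejected outright.
SAMPLE_POLICY = [
    Rule("accept", "udp", (1719, 1719)),
    Rule("drop", "udp", (4000, 5000)),
    Rule("reject", "ah", None),
    Rule("accept", "any", None),
]

if __name__ == "__main__":
    required = PEER_FLOWS + TMS_FLOWS
    for name, ports in audit(SAMPLE_POLICY, required).items():
        print(f"BLOCKED {name}: {ports}")
    fixed = allow_rules(required) + SAMPLE_POLICY
    print("after prepending explicit allows:", audit(fixed, required))
```

Run as-is to see the two blocked flows (the whole 4369 to 4380 range and AH); prepending the explicit allows empties the report. Checking per port rather than comparing range endpoints is deliberate: it catches a drop rule that overlaps only part of a required range, which a quick "is 4369 in the rule" look would miss.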
IPSec communications
For IPsec between VCS cluster peers:
- AES256 is used for encryption and SHA256 for authentication (integrity); the 4096-bit figure belongs to the Diffie-Hellman group below, not to the hash. Peers are identified by their IP address and are authenticated using a pre-shared key
- Main mode is used during the IKE exchange
- Diffie-Hellman group 'modp4096' is used
Cisco VCS Cluster Creation and Maintenance Deployment Guide (VCS X8.1)