Cisco Cisco TelePresence Video Communication Server Expressway
Appendix 3 – IP ports and protocols
Cisco VCS Deployment Guide: Cluster creation and maintenance (Cisco VCS X7.2)
Page 52 of 71
Appendix 3 – IP ports and protocols
It is unusual to have any sort of firewall between cluster peers, but if there is, the following lists
document the IP protocols and ports that must be open between each and every VCS peer in the
cluster.
document the IP protocols and ports that must be open between each and every VCS peer in the
cluster.
For cluster communications between VCS peers:
UDP port 500 (ISAKMP) for PKI (Public Key Infrastructure) key exchange
Standard SIP and H.323 signaling and media ports are used for calls (see X4 to X7 VCS Port
Usage for Firewall Traversal for more information)
Usage for Firewall Traversal for more information)
UDP port 1719 is used for bandwidth updates between VCS peers
IP protocol 51 (IPSec AH) is used for database synchronization
UDP ephemeral ports are used for cluster management
For cluster communications between VCS peers and a TMS when running in Provisioning Extension
mode:
mode:
VCS ephemeral port to port 443 on TMS (secure) or
VCS ephemeral port to port 80 on TMS
Note that port 443 or 80 are the default values; they can be configured in the TMS IIS, and VCS if
different ports are required.
different ports are required.
For cluster communications between VCS peers and a TMS when running in TMS Agent Legacy
mode:
mode:
TCP port 389 (LDAP) is used for directory lookup services
TCP port 636 is reserved, currently not used
TCP port 8989 is used for FindMe and provisioning data synchronization replication
TCP port 4444 is used for FindMe and provisioning data synchronization administration from TMS
to VCS
to VCS
IPSEC communications
For IPSEC between VCS cluster peers:
AES256 is used for encryption, SHA256 (4096 bit key length) is used for authentication. Peers are
identified by their IP address and are authenticated using a pre-shared key.
identified by their IP address and are authenticated using a pre-shared key.
Main mode is used during the IKE exchange.
diffie-hellman group ‘modp4096’ is being used.