Cisco Cisco TelePresence Video Communication Server Expressway
18
H.323 call with endpoint supporting H.460.18 / 19 non-mux
media
media
VCS Expressway
server (listening) port
Firewall
source port
Call direction
Inbound from or outbound to an
endpoint in the Internet behind a firewall
Open firewall
Internet to DMZ
IP address
IP address of
VCS Expressway
Any IP address
IP Po
rt
s
Initial RAS
connection
connection
UDP R
E
1719
UDP Q
>=1024
Q 931 / H.225
signaling
signaling
TCP M
1720
TCP Q
>=1024
H.245
TCP U
2777
TCP Q
>=1024
RTP
UDP Y
E
36002 to 59999 **
UDP N
>=1024
RTCP
UDP Y
E
36002 to 59999 **
UDP N
>=1024
public
Internet
R
E
Q =Egress IP port from far end non-H.323 aware firewall: any port >= 1024
M = Protocols > H.323 Call signaling TCP port: default = 1720
U = Traversal > Ports > H.323 H.460.18 call signaling port: default = 2777
Y
E
= Local Zone > Traversal Subzone > Traversal Media port start to end (configured
on VCS Expressway): default =
36000 to 59999 **
N = Egress IP port of media from far end non-H.323 aware firewall: any port >= 1024
For calls made from the VCS Expressway to the endpoint:
1. VCS Expressway sends a message to the endpoint using the return path of the
established RAS (registration) connection
2. The endpoint then makes a TCP connection out through its firewall to the VCS
Expressway (port M - 1720 must be open on the firewall local to the VCS
Expressway)
Expressway)
3. Any further connections required (e.g. H.245) are requested by the VCS
Expressway over the established TCP connection, and the endpoint initiates them
(to port U - 2777)
(to port U - 2777)
** The default media port range of 36000 to 59999 applies to new installations of X8.1 or later.
The first 2 ports in the range are used for multiplexed traffic only (with Large VM deployments the
first 12 ports in the range – 36000 to 36011 – are used). The previous default range of 50000 -
54999 still applies to earlier releases that have upgraded to X8.1.
VCS Control
VCS Expressway
DMZ