Cisco TelePresence Video Communication Server Expressway
H.323 call with endpoint supporting Assent behind firewall
Call direction:  Inbound from or outbound to an endpoint in the Internet behind a firewall
Open firewall:   Internet to DMZ

                          VCS Expressway server (listening) port   Firewall source port
IP address                IP address of VCS Expressway             Any IP address
IP ports:
Initial RAS connection    UDP RE 1719                              UDP Q >=1024
Q.931 / H.225 signaling   TCP T 2776                               TCP Q >=1024
H.245                     TCP T 2776                               TCP Q >=1024
RTP                       UDP V 2776                               UDP N >=1024
RTCP                      UDP W 2777                               UDP N >=1024
RE = Protocols > H.323 > Gatekeeper Registration > UDP port, default = 1719
Q = Egress IP port from far end non-H.323 aware firewall: any port >= 1024
T = VCS Expressway > Ports > H.323 Assent call signaling port: default = 2776
V = VCS Expressway > Ports > Media demultiplexing RTP port: default = 2776
W = VCS Expressway > Ports > Media demultiplexing RTCP port: default = 2777
N = Egress IP port of media from far end non-H.323 aware firewall: any port >= 1024

[Diagram labels: public Internet, DMZ, VCS Expressway, VCS Control]
For calls made from the VCS Expressway to the endpoint:
1. VCS Expressway sends a message to the endpoint using the
return path of the established RAS (registration) connection
2. The endpoint then makes a TCP connection out through its
firewall to the VCS Expressway (port T - 2776 must be open
on the firewall local to the VCS Expressway)
3. Any further connections required (e.g. H.245) are requested by
the VCS Expressway over the established TCP connection,
and the endpoint initiates them (to port T - 2776)
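
The Internet-to-DMZ openings in the table above can be checked against a firewall rule export. The following is an added example, not Cisco code: it audits a constructed rule list against the default ports (1719, 2776, 2777) and reports both missing openings and rules that expose more than the table requires. The rule record format, the rule names, the IPv4-only handling and the address 192.0.2.10 standing in for the VCS Expressway are assumptions.

```python
from ipaddress import ip_address, ip_network

VCS_E = ip_address("192.0.2.10")  # assumption: placeholder for the VCS Expressway address
ANY_PORT = (1024, 65535)          # far-end firewall egress ports Q and N: any port >= 1024

# Default listening ports from the table (RE, T, V, W).
REQUIRED = [
    ("Initial RAS connection", "udp", 1719),
    ("Q.931/H.225 signaling and H.245", "tcp", 2776),
    ("RTP", "udp", 2776),
    ("RTCP", "udp", 2777),
]

def rule(name, proto, dports, dst="192.0.2.10/32", src="0.0.0.0/0", sports=ANY_PORT):
    """Hypothetical rule record; port fields are inclusive (low, high) ranges."""
    return {"name": name, "proto": proto, "src": ip_network(src),
            "sports": sports, "dst": ip_network(dst), "dports": dports}

def covers(r, proto, port):
    """True if one rule admits any Internet source (port >= 1024) to VCS_E:port."""
    return (r["proto"] == proto and r["src"].prefixlen == 0
            and r["sports"][0] <= 1024 and r["sports"][1] >= 65535
            and VCS_E in r["dst"] and r["dports"][0] <= port <= r["dports"][1])

def audit(rules):
    """Return (required openings with no covering rule, rules opening extra ports)."""
    missing = [purpose for purpose, proto, port in REQUIRED
               if not any(covers(r, proto, port) for r in rules)]
    needed = {(proto, port) for _, proto, port in REQUIRED}
    excess = []
    for r in rules:
        if VCS_E not in r["dst"]:
            continue  # rule does not reach the VCS Expressway
        lo, hi = r["dports"]
        extra = sum((r["proto"], p) not in needed for p in range(lo, hi + 1))
        if extra:
            excess.append((r["name"], extra))
    return missing, excess

# Constructed rule sets for illustration.
TIGHT = [rule("ras", "udp", (1719, 1719)), rule("assent-sig", "tcp", (2776, 2776)),
         rule("assent-media", "udp", (2776, 2777))]
LOOSE = [rule("ras", "udp", (1719, 1719)), rule("rtp", "udp", (2776, 2776)),
         rule("legacy-any-tcp", "tcp", (1, 65535), dst="192.0.2.0/24", sports=(0, 65535))]

if __name__ == "__main__":
    for label, rules in (("TIGHT", TIGHT), ("LOOSE", LOOSE)):
        print(label, audit(rules))
```

If the ports have been changed from their defaults under VCS Expressway > Ports, update REQUIRED to match before running the audit.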