Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
pages (under Maintenance > Tools > Port usage) list all the IP ports that are being used on
the VCS, both inbound and outbound. This information can be provided to your firewall administrator so that the
firewall can be configured appropriately.
firewall can be configured appropriately.
When Advanced Networking is enabled, all ports configured on the VCS, including those relating to firewall traversal,
apply to both IP addresses; you cannot configure ports separately for each IP address.
apply to both IP addresses; you cannot configure ports separately for each IP address.
The Expressway solution works as follows:
1.
Each traversal client connects via the firewall to a unique port on the VCS Expressway.
2.
The server identifies each client by the port on which it receives the connection, and the authentication
credentials provided by the client.
credentials provided by the client.
3.
After the connection has been established, the client regularly sends a probe to the VCS Expressway to keep
the connection alive.
the connection alive.
4.
When the VCS Expressway receives an incoming call for the client, it uses this initial connection to send an
incoming call request to the client.
incoming call request to the client.
5.
The client then initiates one or more outbound connections. The destination ports used for these connections
differ for signaling and/or media, and depend on the protocol being used (see the following sections for more
details).
differ for signaling and/or media, and depend on the protocol being used (see the following sections for more
details).
Configuring the Firewall
For Expressway firewall traversal to function correctly, your firewall must be configured to:
■
allow initial outbound traffic from the client to the ports being used by the VCS Expressway
■
allow return traffic from those ports on the VCS Expressway back to the originating client
Note:
we recommend that you turn off any H.323 and SIP protocol support on the firewall: these are not needed in
conjunction with the Expressway solution and may interfere with its operation.
Configuring Traversal Server Ports
The VCS Expressway has specific listening ports used for firewall traversal. Rules must be set on your firewall to allow
connections to these ports. In most cases the default ports should be used. However, you have the option to change
these ports if necessary by going to the Ports page (Configuration > Traversal > Ports).
connections to these ports. In most cases the default ports should be used. However, you have the option to change
these ports if necessary by going to the Ports page (Configuration > Traversal > Ports).
The configurable ports for signaling are:
■
H.323 Assent call signaling port; default is 2776
■
H.323 H.460.18 call signaling port; default is 2777
RTP and RTCP Media Demultiplexing Ports
:
■
Small/Medium systems: 1 pair of RTP and RTCP media demultiplexing ports are used. They can either be
explicitly specified or they can be allocated from the start of the general range of traversal media ports.
explicitly specified or they can be allocated from the start of the general range of traversal media ports.
■
Large systems: 6 pairs of RTP and RTCP media demultiplexing ports are used. They are always allocated from
the start of the traversal media ports range.
the start of the traversal media ports range.
Configuring Ports for Connections From Traversal Clients
Each traversal server zone specifies an H.323 port and a SIP port to use for the initial connection from the client. Each
time you configure a new traversal server zone on the VCS Expressway, you are allocated default port numbers for
these connections:
time you configure a new traversal server zone on the VCS Expressway, you are allocated default port numbers for
these connections:
56
Cisco TelePresence Video Communication Server Administrator Guide
Firewall Traversal