Cisco TelePresence Video Communication Server Expressway Administration Manual
pair (either 2776 & 2777 or 50000 & 50001 by default, depending on upgrade path) and the switch Use configured
demultiplexing ports is set to Yes. If you do not want to use a particular pair of ports, switch Use configured
demultiplexing ports to No, then the VCS Expressway will listen on the first pair of ports in the media traversal port
range (36000 and 36001 by default). In this case, we recommend that you close the previously configured ports after
you configure the firewall for the new ports.
Note that:
■ Ports 8191/8192 TCP and 8883/8884 TCP are used internally within the VCS Control and the VCS Expressway
  applications. Therefore these ports must not be allocated for any other purpose. The VCS Expressway listens
  externally on port 8883; therefore we recommend that you create custom firewall rules on the external LAN
  interface to drop TCP traffic on that port.
■ The VCS Expressway listens on port 2222 for SSH tunnel traffic. The only legitimate sender of such traffic is
  the VCS Control (cluster). Therefore we recommend that you create the following firewall rules for the SSH
  tunnels service:
  — one or more rules to allow all of the VCS Control peer addresses (via the internal LAN interface, if
    appropriate)
  — followed by a lower priority (higher number) rule that drops all traffic for the SSH tunnels service (on the
    internal LAN interface if appropriate, and if so, another rule to drop all traffic on the external interface)
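The rule ordering recommended above for the SSH tunnels service (port 2222) and for port 8883, modelled as an added example that is not part of the Cisco guide: a first-match evaluator that checks whether peers are allowed and everything else is dropped. The rule model, interface labels, addresses and the allow-by-default fallback are assumptions for illustration, not the VCS configuration format.

```python
import ipaddress
from dataclasses import dataclass
@dataclass(frozen=True)
class Rule:
    priority: int   # lower number = higher priority, evaluated first
    interface: str  # "internal" or "external" (labels assumed for this sketch)
    source: str     # source network in CIDR form
    port: int       # destination TCP port
    action: str     # "allow" or "drop"

def decide(rules, interface, src_ip, port, default="allow"):
    """Return the action of the first matching rule, in priority order.
    The allow-by-default fallback is an assumption of this model."""
    addr = ipaddress.ip_address(src_ip)
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.interface == interface and r.port == port
                and addr in ipaddress.ip_network(r.source)):
            return r.action
    return default

def audit_ssh_tunnels(rules, peers, interfaces, probe="203.0.113.50", port=2222):
    """Report where a rule set deviates from the recommended layout."""
    findings = []
    for iface in interfaces:  # a non-peer source must hit a drop rule
        if decide(rules, iface, probe, port) != "drop":
            findings.append(f"{iface}: non-peer traffic to port {port} is not dropped")
    for iface, peer in peers:  # every peer must match an allow rule first
        if decide(rules, iface, peer, port) != "allow":
            findings.append(f"{iface}: peer {peer} is dropped before its allow rule")
    return findings

# Constructed sample data: two VCS Control peers on the internal LAN.
PEERS = [("internal", "10.0.0.11"), ("internal", "10.0.0.12")]
RECOMMENDED = [
    Rule(1, "internal", "10.0.0.11/32", 2222, "allow"),
    Rule(2, "internal", "10.0.0.12/32", 2222, "allow"),
    Rule(10, "internal", "0.0.0.0/0", 2222, "drop"),
    Rule(11, "external", "0.0.0.0/0", 2222, "drop"),
    Rule(12, "external", "0.0.0.0/0", 8883, "drop"),
]
# Same intent, but the drop rule outranks the allows and the external drop is missing.
MISORDERED = [
    Rule(1, "internal", "0.0.0.0/0", 2222, "drop"),
    Rule(2, "internal", "10.0.0.11/32", 2222, "allow"),
    Rule(3, "internal", "10.0.0.12/32", 2222, "allow"),
]
if __name__ == "__main__":
    for name, rs in (("recommended", RECOMMENDED), ("misordered", MISORDERED)):
        print(name, audit_ssh_tunnels(rs, PEERS, ("internal", "external")))
```

The misordered set shows why the drop rule must carry the higher priority number: placed first, it cuts off the VCS Control peers themselves.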
External XMPP Federation
This section describes how to configure your VCS to support external XMPP federation.
Deploying VCS for External XMPP Federation
External XMPP federation enables users registered to Unified CM IM & Presence to communicate via the VCS
Expressway with users from a different XMPP deployment.
The following diagram shows how XMPP messages are routed from your on-premises IM & Presence server via the
VCS Control and VCS Expressway Collaboration Edge solution to the federated XMPP server. It also shows the ports
and connections that are used as the messages traverse DMZ firewalls.
Supported Systems
■ VCS Expressway supports XMPP federation with:
  — Cisco Unified Communications Manager IM and Presence Service 9.1.1 or later
  — Cisco Webex Connect Release 6.x
  — other XMPP standards-compliant servers
■ Cisco Jabber 9.7 or later
Cisco TelePresence Video Communication Server Administrator Guide
Unified Communications