Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Firewall traversal
Cisco VCS Administrator Guide (X7.1)
Page 224 of 479
You have the option to change these ports if necessary by going to the
page (
VCS configuration >
Expressway > Ports
).
If your VCS Expressway does not have any endpoints registering directly with it, and it is not part of a
cluster, then UDP/1719 is not required. You therefore do not need to allow outbound connections to this port
through the firewall between the VCS Control and VCS Expressway.
cluster, then UDP/1719 is not required. You therefore do not need to allow outbound connections to this port
through the firewall between the VCS Control and VCS Expressway.
TURN ports
The VCS Expressway can be enabled to provide
(Traversal Using Relays around NAT)
which can be used by SIP endpoints that support the ICE firewall traversal protocol.
The ports used by these services are configurable on the
page (
VCS configuration > Expressway >
TURN
).
The ICE clients on each of the SIP endpoints must be able to discover these ports, either by using SRV
records in DNS or by direct configuration.
records in DNS or by direct configuration.
Ports for connections out to the public internet
In situations where the VCS Expressway is attempting to connect to an endpoint on the public internet, you
will not know the exact ports on the endpoint to which the connection will be made. This is because the ports
to be used are determined by the endpoint and advised to the VCS Expressway only after the server has
located the endpoint on the public internet. This may cause problems if your VCS Expressway is located
within a DMZ (that is, there is a firewall between the VCS Expressway and the public internet) as you will not
be able to specify in advance rules that will allow you to connect out to the endpoint’s ports.
will not know the exact ports on the endpoint to which the connection will be made. This is because the ports
to be used are determined by the endpoint and advised to the VCS Expressway only after the server has
located the endpoint on the public internet. This may cause problems if your VCS Expressway is located
within a DMZ (that is, there is a firewall between the VCS Expressway and the public internet) as you will not
be able to specify in advance rules that will allow you to connect out to the endpoint’s ports.
You can however specify the ports on the VCS Expressway that are used for calls to and from endpoints on
the public internet so that your firewall administrator can allow connections via these ports. The ports that
can be configured for this purpose are:
the public internet so that your firewall administrator can allow connections via these ports. The ports that
can be configured for this purpose are:
H.323
SIP
TURN
TCP/1720: signaling
UDP/1719: signaling
UDP/50000-52399: media
TCP/15000-19999: signaling
TCP/5061: signaling
UDP/5060 (default): signaling
UDP/50000-52399: media
TCP: a temporary port in the range
25000-29999 is allocated
25000-29999 is allocated
UDP/3478 (default): TURN services
UDP/60000-61200 (default range):
media
media