Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Firewall traversal
Firewall traversal protocols and ports
Ports play a vital part in firewall traversal configuration. The correct ports must be set on the Cisco
VCS Expressway, traversal client and firewall in order for connections to be permitted.
VCS Expressway, traversal client and firewall in order for connections to be permitted.
Ports are initially configured on the Cisco VCS Expressway by the Cisco VCS Expressway
administrator. The firewall administrator and the traversal client administrator should then be notified of
the ports, and they must then configure their systems to connect to these specific ports on the server.
The only port configuration that is done on the client is the range of ports it uses for outgoing
connections; the firewall administrator may need to know this information so that if necessary they
can configure the firewall to allow outgoing connections from those ports.
administrator. The firewall administrator and the traversal client administrator should then be notified of
the ports, and they must then configure their systems to connect to these specific ports on the server.
The only port configuration that is done on the client is the range of ports it uses for outgoing
connections; the firewall administrator may need to know this information so that if necessary they
can configure the firewall to allow outgoing connections from those ports.
The
pages (under
Maintenance > Tools > Port usage
) show, in table format, all the IP
ports that are being used on the Cisco VCS, both inbound and outbound. This information can be
provided to your firewall administrator so that the firewall can be configured appropriately.
provided to your firewall administrator so that the firewall can be configured appropriately.
Expressway process
The Expressway solution works as follows:
1. Each traversal client connects via the firewall to a unique port on the Cisco VCS Expressway.
2. The server identifies each client by the port on which it receives the connection, and the
2. The server identifies each client by the port on which it receives the connection, and the
authentication credentials provided by the client.
3. After the connection has been established, the client constantly sends a probe to the Cisco VCS
Expressway via this connection in order to keep the connection alive.
4. When the Cisco VCS Expressway receives an incoming call for the client, it uses this initial
connection to send an incoming call request to the client.
5. The client then initiates one or more outbound connections. The destination ports used for these
connections differ for signaling and/or media, and depend on the protocol being used (see the
following sections for more details).
following sections for more details).
H.323 firewall traversal protocols
The Cisco VCS supports two different firewall traversal protocols for H.323: Assent and
H.460.18/H.460.19.
H.460.18/H.460.19.
n
Assent is Cisco’s proprietary protocol.
n
H.460.18 and H.460.19 are ITU standards which define protocols for the firewall traversal of
signaling and media respectively. These standards are based on the original Assent protocol.
signaling and media respectively. These standards are based on the original Assent protocol.
A traversal server and traversal client must use the same protocol in order to communicate. The two
protocols each use a different range of ports.
protocols each use a different range of ports.
SIP firewall traversal protocols
The Cisco VCS supports the Assent protocol for SIP firewall traversal of media.
The signaling is traversed through a TCP/TLS connection established from the client to the server.
Ports for initial connections from traversal clients
Each traversal server zone specifies an H.323 port and a SIP port to be used for the initial connection
from the client.
from the client.
Each time you configure a new traversal server zone on the Cisco VCS Expressway, you are
allocated default port numbers for these connections:
allocated default port numbers for these connections:
Cisco VCS Administrator Guide (X6)
Page 172 of 295