Cisco Cisco Expressway 维护手册
support connections to ports other than UDP/1719, therefore we recommend that you leave this as the
default.
default.
■
You must allow outbound connections through your firewall to each of the unique SIP and H.323 ports that are
configured on each of the Expressway-E’s traversal server zones.
configured on each of the Expressway-E’s traversal server zones.
The following table shows the default ports used for connections to the Expressway-E.
Protocol
Call signaling
Media
Assent
TCP/2776: listening
port for H.225 and
H.245 protocols
port for H.225 and
H.245 protocols
The RTP and RTCP media demultiplexing ports in Large system are always
allocated from the start of the general range of traversal media ports
(UDP/36000-36011
allocated from the start of the general range of traversal media ports
(UDP/36000-36011
). In Small/Medium systems the media
demultiplexing ports can either be explicitly specified or they can be
allocated from the start of the traversal media ports range.
allocated from the start of the traversal media ports range.
H.460.18/19 TCP/1720: listening
port for H.225
protocol
protocol
TCP/2777: listening
port for H.245
protocol
port for H.245
protocol
The RTP and RTCP media demultiplexing ports in Large systems are always
allocated from the start of the general range of traversal media ports
(UDP/36000-36011
allocated from the start of the general range of traversal media ports
(UDP/36000-36011
). In Small/Medium systems the media
demultiplexing ports can either be explicitly specified or they can be
allocated from the start of the traversal media ports range.
allocated from the start of the traversal media ports range.
RTP and RTCP media non-demultiplexing ports are allocated from the
remainder of the traversal media ports range: UDP/36002-59999
remainder of the traversal media ports range: UDP/36002-59999
SIP
SIP call signaling
uses the same port as
used by the initial
connection between
the client and server.
uses the same port as
used by the initial
connection between
the client and server.
Where the traversal client is an Expressway, SIP media uses Assent to
traverse the firewall.
traverse the firewall.
Table 7 Default traversal port connections
Note:
The default media traversal port range is 36000 to 59999, and is set on the Expressway-C at Configuration
> Traversal Subzone. In Large Expressway systems the first 12 ports in the range – 36000 to 36011 by default – are
always reserved for multiplexed traffic. The Expressway-E listens on these ports. You cannot configure a distinct
range of demultiplex listening ports on Large systems: they always use the first 6 pairs in the media port range. On
Small/Medium systems you can explicitly specify which 2 ports listen for multiplexed RTP/RTCP traffic, on the
Expressway-E (Configuration > Traversal > Ports). If you choose not to configure a particular pair of ports (Use
configured demultiplexing ports = No), then the Expressway-E will listen on the first pair of ports in the media
traversal port range (36000 and 36001 by default).
> Traversal Subzone. In Large Expressway systems the first 12 ports in the range – 36000 to 36011 by default – are
always reserved for multiplexed traffic. The Expressway-E listens on these ports. You cannot configure a distinct
range of demultiplex listening ports on Large systems: they always use the first 6 pairs in the media port range. On
Small/Medium systems you can explicitly specify which 2 ports listen for multiplexed RTP/RTCP traffic, on the
Expressway-E (Configuration > Traversal > Ports). If you choose not to configure a particular pair of ports (Use
configured demultiplexing ports = No), then the Expressway-E will listen on the first pair of ports in the media
traversal port range (36000 and 36001 by default).
The call signaling ports are configured via Configuration > Traversal > Ports. The traversal media port range is
configured via Configuration > Traversal Subzone.
configured via Configuration > Traversal Subzone.
Configuring TURN Ports
(Traversal Using Relays around NAT) which can be used
by ICE-enabled SIP endpoints.
The ports used by these services are configurable via Configuration > Traversal > TURN.
The ICE clients on each of the SIP endpoints must be able to discover these ports, either by using SRV records in DNS
or by direct configuration.
or by direct configuration.
Configuring Ports for Connections Out to the Public Internet
In situations where the Expressway-E is attempting to connect to an endpoint on the public internet, you will not
know the exact ports on the endpoint to which the connection will be made. This is because the ports to be used are
know the exact ports on the endpoint to which the connection will be made. This is because the ports to be used are
58
Cisco Expressway Administrator Guide
Firewall Traversal