Manual
Table Of Contents
- Preface
- Introduction
- Process Summary
- Prerequisites
- Run the Service Setup Wizard
- VCS System Configuration
- Routing Configuration
- Pre-search Transforms
- Search Rules
- Task 8: Configuring Transforms
- Task 9: Configuring Local Zone Search Rules
- Task 10: Configuring the Traversal Zone
- Neighboring Between VCS Clusters
- Task 11: Configuring Traversal Zone Search Rules
- Task 12: Configuring the DNS Zone
- Task 13: Configuring DNS Zone Search Rules
- Task 14: Configuring External (Unknown) IP Address Routing
- Endpoint Registration
- System Checks
- Maintenance Routine
- Optional Configuration Tasks
- Appendix 1: Configuration Details
- Appendix 2: DNS Records
- Appendix 3: Firewall and NAT Settings
- Appendix 4: Advanced Network Deployments
- Obtaining Documentation and Submitting a Service Request
- Cisco Legal Information
- Cisco Trademark
Purpose Source Dest. Source
IP
Source
port
Transport
protocol
Dest. IP Dest. port
H.323 endpoints
registering
with public IP addresses
RAS Endpoint VCSe Any 1719 UDP 192.0.2.2 1719
Q.931/H.225 Endpoint VCSe Any >=1024 TCP 192.0.2.2 1720
H.245 Endpoint VCSe Any >=1024 TCP 192.0.2.2 15000 to 19999
RTP & RTCP Endpoint VCSe Any >=1024 UDP 192.0.2.2 36002 to 59999
SIP endpoints
registering
using UDP / TCP or TLS
SIP TCP Endpoint VCSe Any >=1024 TCP 192.0.2.2 5060
SIP UDP Endpoint VCSe Any >=1024 UDP 192.0.2.2 5060
SIP TLS Endpoint VCSe Any >=1024 TCP 192.0.2.2 5061
RTP & RTCP Endpoint VCSe Any >=1024 UDP 192.0.2.2 36002 to 59999
TURN server control Endpoint VCSe Any >=1024 UDP 192.0.2.2 3478 **
TURN server media Endpoint VCSe Any >=1024 UDP 192.0.2.2 24000 to 29999
**
** On Large systems you can configure a range of TURN request listening ports. The default range is 3478 – 3483.
The default TURN relay media port range of 24000 – 29999 applies to new installations of X8.1 or later. The previous
default range of 60000 – 61799 still applies to earlier releases that have upgraded to X8.1.
Outbound (DMZ > Internet)
If you want to restrict communications from the DMZ to the wider Internet, the following table provides information on
the outgoing IP addresses and ports required to permit the VCS Expressway to provide service to external endpoints.
Purpose Source Dest. Source IP Source port Transport
protocol
Dest. IP Dest.
port
H.323 endpoints
registering
with public IP address
RAS VCSe Endpoint 192.0.2.2 >=1024 UDP Any 1719
Q.931/H.225 VCSe Endpoint 192.0.2.2 15000 to 19999 TCP Any 1720
H.245 VCSe Endpoint 192.0.2.2 15000 to 19999 TCP Any >=1024
RTP & RTCP VCSe Endpoint 192.0.2.2 36000 to 59999 UDP Any >=1024
SIP endpoints
registering
using UDP / TCP or TLS
SIP TCP & TLS VCSe Endpoint 192.0.2.2 25000 to 29999 TCP Any >=1024
SIP UDP VCSe Endpoint 192.0.2.2 5060 UDP Any >=1024
RTP & RTCP VCSe Endpoint 192.0.2.2 36000 to 59999 UDP Any >=1024
TURN server
media
VCSe Endpoint 192.0.2.2 24000 to 29999
**
UDP Any >=1024
Other services (as required)
61
Cisco VCS Expressway and VCS Control - Basic Configuration Deployment Guide
Appendix 3: Firewall and NAT Settings