Cisco Expressway Series Configuration Manual

Cisco Expressway IP Port Usage
Configuration Guide
First Published: April 2017
X8.9.2
Cisco Systems, Inc. www.cisco.com
Preface
Change History
Table 1 Cisco Expressway IP Port Usage Configuration Guide Change History
July 2017 Correction Outbound SIP signaling removed from MRA diagram and table.
April 2017 New document New format for information previously held in Expressway IP Port Usage for Firewall Traversal.
Related Documents
For Installation, See:
Cisco Expressway Virtual Machine Installation Guide on the Expressway installation guides page.
Cisco Expressway CE1100 Appliance Installation Guide on the Expressway installation guides page.
For Administration and Maintenance:
See Expressway Administrator Guide
See the Cisco Expressway Serviceability Guide on the Expressway Maintain and Operate Guides page.
See Cisco Expressway External Policy Deployment Guide at the Cisco Expressway Series Configuration Guides page.
For Clustering and Certificates (All Deployments):
See Cisco Expressway Certificate Creation and Use Deployment Guide on the Expressway configuration guides page.
See the Cisco Expressway Cluster Creation and Maintenance Deployment Guide, for your version, on the Cisco Expressway Series configuration guides page.
For Basic Call Control Deployment:
See Cisco Expressway Registrar Deployment Guide on the Expressway configuration guides page.
For Mobile and Remote Access to Cisco Unified Communications Manager Services:
See Mobile and Remote Access Through Cisco Expressway on the Expressway configuration guides page.
For Remote Configuration of MRA:
See Cisco Expressway RESTAPIReference Guide on the Expressway installation guides page.
For Microsoft Interoperability:
See Cisco Expressway with Microsoft Infrastructure Deployment Guide on the Expressway configuration guides page.
See Cisco Jabber and Microsoft Skype for Business Infrastructure Configuration Cheatsheet on the Expressway configuration guides page.
For Cisco Meeting Server:
See the Cisco Meeting Server installation guides page.
See deployment guides on the Cisco Meeting Server configuration guides page.
See the Cisco Expressway with Cisco Meeting Server Deployment Guide on the Expressway configuration guides page.
Contents
Preface
Change History
Related Documents
How to Use This Document
Default Port Ranges
Basic Networking Connections
Basic Networking: Expressway
Networking Port Reference: Expressway
Basic Networking: Traversal Pair
Networking Port Reference: Expressway Traversal Pair
Clustering Connections
Cluster Connections Before X8.8
Cluster Port Reference Before X8.8
Cluster Connections X8.8 Onwards
Cluster Port Reference X8.8 Onwards
Provisioning, Registrations, Authentication, and Calls
SIP Calls
SIP Calls Port Reference
H.323 Calls
H.323 Calls Port Reference
TMS Connections
TMS Port Reference
LDAP Connections
LDAP Port Reference
Mobile and Remote Access
MRA Connections
MRA Port Reference
Jabber Guest Services
Jabber Guest: Dual NIC Deployment
Jabber Guest: Dual NIC Deployment Ports
Jabber Guest: Single NIC Deployment
Jabber Guest: Single NIC Deployment Ports
Microsoft Interoperability Using Gateway Expressway
On-Premises Microsoft Clients
Off-Premises Microsoft Clients
Expressway with Microsoft Infrastructure Port Reference
Cisco Meeting Server
Web Proxy for Cisco Meeting Server WebRTC Connections
Web Proxy for Cisco Meeting Server Port Reference
SIP Edge for Meeting Server Connections
SIP Edge for Cisco Meeting Server Port Reference
XMPP Federation
XMPP Federation Connections
XMPP Port Reference
Serviceability
Serviceability: Expressway-C
Serviceability: Traversal Pair
Serviceability Ports: Traversal Pair
Cisco Legal Information
Cisco Trademark
How to Use This Document
The purpose of this document is to help you configure and troubleshoot connections between infrastructure components related to Expressway deployments.
There is a section for each of the popular Expressway deployments. Each has a diagram showing the major infrastructure components and the connections between them, and also lists the connections in a table format.
The deployments build on each other where necessary. For example, if you wish to implement Mobile and Remote Access, you should first configure a traversal pair. These relationships are described in the relevant deployment guides.
Default Port Ranges
The following defaults are used throughout this document. Default port ranges may occasionally change (if unavoidable) as new features are developed. Our documents list the current default ports for the given version number.
Note:In some cases throughout this document we list port ranges used by third party infrastructure. These are default
values and we cannot guarantee that these are correct for your environment. We recommend you follow the supplier's documentation to configure those connections.
Table 2 Default Port Ranges on Expressway
Protocol Purpose Current Range Details
TCP Ephemeral ports 1024-65535 Outbound HTTP/S, LDAP
UDP Ephemeral ports 1024-65535 DNS, outbound TURN requests
TCP Ephemeral ports 30000-35999
UDP Ephemeral ports 30000-35999
TCP Outbound SIP 25000-29999
UDP & TCP Inbound TURN requests on Small/Medium Expressway-E 3478 On Expressway-E only. Configurable to a port >= 1024
UDP & TCP Inbound TURN requests on Large Expressway-E 3478-3483 On Large Expressway-E only. Configurable to a six port range with first port >= 1024.
UDP TURN relays 24000-29999 On Expressway-E only.
UDP RTP/RTCP media 36000-59999 The range is configurable. On S/M Expressway, the first two ports can be used for multiplexed media if you do not use default/custom ports. On L Expressway, the first twelve ports of the range are used for multiplexed media. You cannot customize that subrange.
UDP Multiplexed media on Small/Medium Expressway-E systems 2776/2777 OR 36000/36001 2776/2777 is older pair but kept as default by the ability to customize when the new default range was introduced with S/M system options. Custom pair is defined on Configuration > Traversal > Ports. On Expressway-E only. Note: In the connection maps and port references we do not show all the port options for the sake of clarity. For example, if the diagram shows 2776/2776, but you have chosen to use 36000/36001 instead, then you don't need to also open 2776/2777.
UDP Multiplexed media on Large Expressway-E systems 36000-36011 New range introduced with Large system option. This range is always the first twelve ports of the RTP/RTCP media range, so it will be different if you configure a different media range. On Expressway-E Large OVAs or large scale appliances only. Note: In the connection maps and port references we do not show all the port options for the sake of clarity. For example, if the diagram shows 2776/2776, but you have a large Expressway, then you should open the first twelve ports of the media range instead of 2776/2777.
TCP SIP traversal 7001 Configurable. SIP listening port on the first Expressway-E traversal server zone. Subsequent traversal server zones will use incremental port numbers, eg. 7002, by default.
UDP H.323 traversal 6001 Configurable. H.323 listening port on the first Expressway-E traversal server zone. Subsequent traversal server zones will use incremental port numbers, eg. 6002, by default.
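The Table 2 rules for Expressway-E depend on system size, the configured media range, and the number of traversal server zones, so the ports a firewall rule should match shift with those settings. The following is an added example, not Cisco code, that derives the port plan and checks a protocol/port against it; the function and parameter names are hypothetical and the defaults are the Table 2 values.

```python
# Added example, not Cisco code. Names are hypothetical; defaults are Table 2 values.

def expressway_e_ports(large, media=(36000, 59999), mux_pair=(2776, 2777),
                       traversal_zones=1, turn_first=3478):
    """Build a list of (protocols, first_port, last_port, purpose) entries.

    large            True for a Large Expressway-E, False for Small/Medium
    media            configured RTP/RTCP media range
    mux_pair         S/M only: the default/custom pair, or None to use the
                     first two ports of the media range instead
    traversal_zones  number of traversal server zones (default port numbering)
    turn_first       first TURN request port (configurable, must be >= 1024)
    """
    if turn_first < 1024:
        raise ValueError("TURN request port must be >= 1024")
    lo, hi = media
    plan = []
    # TURN requests: a single port on S/M, a six-port range on Large.
    plan.append(("udp+tcp", turn_first, turn_first + 5 if large else turn_first,
                 "TURN requests"))
    plan.append(("udp", 24000, 29999, "TURN relays"))
    # Multiplexed media: Large always takes the first twelve media ports;
    # S/M uses the pair or, if none is set, the first two media ports.
    if large:
        plan.append(("udp", lo, lo + 11, "multiplexed media"))
    elif mux_pair is None:
        plan.append(("udp", lo, lo + 1, "multiplexed media"))
    else:
        plan.append(("udp", mux_pair[0], mux_pair[1], "multiplexed media"))
    plan.append(("udp", lo, hi, "RTP/RTCP media"))
    # Traversal server zones: 7001/6001 for the first zone, then incrementing.
    for i in range(traversal_zones):
        plan.append(("tcp", 7001 + i, 7001 + i, f"SIP traversal zone {i + 1}"))
        plan.append(("udp", 6001 + i, 6001 + i, f"H.323 traversal zone {i + 1}"))
    return plan


def purpose_of(plan, proto, port):
    """Return the first matching purpose for proto/port, or None."""
    for protos, first, last, purpose in plan:
        if proto in protos.split("+") and first <= port <= last:
            return purpose
    return None
```

A result of None for a port that an existing firewall rule opens toward Expressway-E means Table 2 gives no reason for that rule under the settings supplied.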
Basic Networking Connections
Basic Networking:Expressway
Networking Port Reference:Expressway
Table 3 Basic Networking Ports for Expressway-C
Purpose Src. IP Src. ports Protocol Dest. IP Dst. Ports
Administrator SSH Admin PCs 1024-65535 TCP Expressway-C 22
Administrator HTTP
Administrator HTTPS Admin PCs 1024-65535 TCP Expressway-C 443
Name resolution (DNS) Expressway-C 1024-65535 UDP & TCP†Internal name server 53
Time synchronization (NTP) Expressway-C 123 UDP Internal time server 123
*
Admin PCs 1024-65535 TCP Expressway-C 80
7
Cisco Expressway IP Port Usage Configuration Guide
* Expressway redirects HTTPto HTTPSby default. You don't need to open the HTTP port, but you can allow HTTPfor convenience and redirect to HTTPS.
† Expressway will attempt DNSresolution over TCPif the response is too large.
8
Cisco Expressway IP Port Usage Configuration Guide
Basic Networking:Traversal Pair
9
Cisco Expressway IP Port Usage Configuration Guide
Networking Port Reference:Expressway Traversal Pair
Table 4 Basic Networking Ports for Expressway-C
Purpose Src. IP Src. ports Protocol Dest. IP Dst. Ports
Administrator SSH Admin PCs 1024-65535 TCP Expressway-C 22
Administrator HTTP
Administrator HTTPS Admin PCs 1024-65535 TCP Expressway-C 443
Name resolution (DNS) Expressway-C 1024-65535 UDP & TCP†Internal name server 53
Time synchronization (NTP) Expressway-C 123 UDP Internal time server 123
* Expressway redirects HTTPto HTTPSby default. You don't need to open the HTTP port, but you can allow HTTPfor convenience and redirect to HTTPS.
† Expressway will attempt DNSresolution over TCPif the response is too large.
*
Admin PCs 1024-65535 TCP Expressway-C 80
Table 5 Basic Networking Ports for Expressway-E
Purpose Src. IP Src. ports Protocol Dest. IP Dst. Ports
Administrator SSH Admin PCs 1024-65535 TCP Expressway-E private IP 22
Administrator HTTP Admin PCs 1024-65535 TCP Expressway-E private IP 80
Administrator HTTPS Admin PCs 1024-65535 TLS Expressway-E private IP 443
Internal name resolution (DNS)* Expressway-E private IP 1024-65535 UDP & TCP Internal name server 53
External name resolution (DNS) Expressway-E public IP 1024-65535 UDP & TCP External name server 53
Internal time synchronization (NTP)* Expressway-E private IP 123 UDP Internal time server 123
External time synchronization (NTP) Expressway-E public IP 123 UDP External time server 123
* You may prefer to connect Expressway-E to external DNS and NTP. You do not need both.
Clustering Connections
Cluster Connections Before X8.8
Cluster Port Reference Before X8.8
Table 6 Cluster Synchronization and Communications
Purpose Src. IP Src. ports Protocol Dest. IP Dst. Ports
Cluster database synchronization (IPSec AH) This
Key exchange between peers (ISAKMP) This
Cluster recovery This
Cluster communication This
Bandwidth management (Expressway-C cluster only)
peer
peer
peer
peer
This peer
N/A 51 Other
peers
500 UDP Other
peers
30000-35999
30000-35999
1719 UDP Other
UDP Other
peers
TCP Other
peers
peers
N/A
500
4371
4369-4380
1719
Cluster Connections X8.8 Onwards
Cluster Port Reference X8.8 Onwards
Table 7 Expressway-C Cluster Database Synchronization and Communications
Purpose Src. IP Src. ports Protocol Dest. IP Dst. Ports
Cluster recovery This peer 30000-35999 TCP Other peers 4371
Cluster communication This peer 30000-35999 TLS Other peers 4372
Bandwidth management This peer 1719 UDP Other peers 1719
Table 8 SIPCalls Routed Between Peers (not shown on diagram)
Purpose Src. IP Src. ports Protocol Dest. IP Dst. Ports
SIPTCPSignaling This peer 25000-29999 TCP Other peers 5061
SIPTLSSignaling This peer 25000-29999 TLS Other peers 5061
RTP/RTCP This peer 36000-59999 UDP Other peers 36000-59999
Bandwidth management This peer 1719 UDP Other peers 1719
Provisioning, Registrations, Authentication, and Calls
SIP Calls
SIP Calls Port Reference
H.323 Calls
H.323 Calls Port Reference
TMS Connections
TMS Port Reference
LDAP Connections
LDAP Port Reference
SIP Calls