cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1506
Views
15
Helpful
4
Replies

CWMS UDP ports for Audio and Video for external clients

Aman .
Level 1
Level 1

Which ports does CWMS uses for Audio and Video media transmission for clients that are trying to connect via internet ?

if it is SSL, How does it pass RTP through SSL ports ? .. is that possible ?

Will audio and video web conferencing work without allowing ephemeral UDP ports (16000 to 32000) for clients that are trying to connect via internet ?
 

Below are the texts from planning guide, but it is still confusing.

"The default UDP port used for external clients for audio and video data transmission is SSL (port 443). "

"

UDP ports to open between the internal machines

udp range:10000:19999

udp range:16000:32000

udp range:9000:9009

udp 5060

udp 5062

1 Accepted Solution

Accepted Solutions

dpetrovi
Cisco Employee
Cisco Employee

Hi Aman,

All the communication between external clients and the IRP server is done via port 443 (HTTPs). PC Audio, Video, and Data is encrypted. The information is tunneled from IRP to internal Media VMs via 443 as well.

As for RTP streams between the actual phones and CWMS, this can also be encrypted by TLS if you deployed CWMS that supports audio encryption and configured TLS on CWMS and CUCM servers. This traffic doesn't go through IRP server, but follows standard telephony path.

The UDP ports listed are used on the internal network between internal VMs and internal clients (if the internal clients are connecting to WebEx Site URL using Private VIP and not the Public VIP).

 

I hope this clarifies it.

-Dejan

View solution in original post

4 Replies 4

Terry Cheema
VIP Alumni
VIP Alumni

Yes you can run VoIP traffic over the SSL. This is probably done to secure this traffic.

-Terry

Please rate all helpful posts

Hi Terry,

 

Yes I saw in Cisco Documentation that they mentioned port 443, and that they mentioned at other places that the traffic is encrypted. But never saw them brag about using this RTP within HTTPS technology, so that added to confusion.

Now it is clear.

Thanks,

Aman

Aman glad that helped. Yes VoIP can now be encrypted within SSL/TLS.

-Terry

dpetrovi
Cisco Employee
Cisco Employee

Hi Aman,

All the communication between external clients and the IRP server is done via port 443 (HTTPs). PC Audio, Video, and Data is encrypted. The information is tunneled from IRP to internal Media VMs via 443 as well.

As for RTP streams between the actual phones and CWMS, this can also be encrypted by TLS if you deployed CWMS that supports audio encryption and configured TLS on CWMS and CUCM servers. This traffic doesn't go through IRP server, but follows standard telephony path.

The UDP ports listed are used on the internal network between internal VMs and internal clients (if the internal clients are connecting to WebEx Site URL using Private VIP and not the Public VIP).

 

I hope this clarifies it.

-Dejan