The Cisco CallManager Attendant Console (AC) is supposed to use TCP port 2748 and ports 1099 through 1129. However, when a firewall is deployed between Cisco CallManager and the AC, it uses TCP ports outside of this range.
This problem occurs because the use of a firewall between the Cisco CallManager server and the AC client is not currently supported. A firewall is not supported because the AC uses some random ports for Remote Method Invocation (RMI) connections. Only one available port is used to initiate the RMI connection, starting with 1099. After the RMI connection is established, RMI uses a random TCP port (normally the first available port). Thus, the port cannot be specified in the firewall. If these random ports are not open, the AC fails and can display the "error communicating with the server" error message.
User Datagram Protocol (UDP) ports are mostly used for line state. The UDP port can be configured in the Advanced Settings dialog box. If no port is configured, the AC uses the first available UDP port (random).
So, if a free UDP port is specified (for example, port 1234 in the Attendant Settings dialog box), this port must be allowed in the firewall.
Note: Enter the UDP port in the format IP Address:UDP port in the Local Host IP Address (for line state) field, under the Advanced tab of the Attendant Settings dialog box. For example, if port 1234 is used, 10.1.30.10:1234 must be entered in the Advanced Settings dialog box. UDP communication takes place on this port thereafter.
There are three types of communication between the AC client and server:
AC client to RMI (telephony call dispatcher)
The client always connects to RMI at server port 1099 through 1129. Then, the server tells the client to establish a second TCP session with the server on a second TCP port. This port is randomly taken and there is no way to guarantee that a particular TCP port is always used.
AC client to Quick Buffer Encoding (QBE) (Computer Telephony Integration (CTI) manager)
The QBE communication establishes a TCP session with the server at TCP port 2748.
AC client to Line State Server (LSS) (telephony call dispatcher)
In this case, there is UDP LSS traffic coming from the servers. This can be fixed in the Advanced Settings dialog box.
The ports specified in the Services Parameters dialog box are used by Cisco CallManager to listen to Termination Call Detail (TCD) requests, initialize the AC clients and offer line state information to the clients. These TCP ports must not be changed.
The AC was not designed to work with a firewall or NAT. However, there is a feature request bug filed to lock down the port range. For more information, refer to Cisco bug ID CSCee21603.
This problem will be fixed in Cisco CallManager version 5.x because firewall support will be added to this release of AC, with a custom socket factory for RMI connections. Therefore, applications are able to specify a user-configurable TCP port for the RMI bind port at the server machine, through the AC server Service Parameters dialog box. A user-configurable TCP port can be selected for RMI callback at the AC client, through the Settings dialog box.
For now, the only workaround for this issue is to either unblock all the TCP ports or disable the firewall.
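The general Java RMI technique behind the custom socket factory described above, as an added example that is not Cisco's code or part of the original document: the remote object is exported on one fixed port through a server socket factory that refuses any other bind, so the firewall needs only the registry port and that one port. The interface name LineState, port 1130, and the class names are assumptions made for illustration.

```java
import java.io.*;
import java.net.*;
import java.rmi.*;
import java.rmi.registry.*;
import java.rmi.server.*;

public class FixedPortRmiDemo {
    static final int REGISTRY_PORT = 1099; // first registry port named on the page
    static final int OBJECT_PORT = 1130;   // assumed: the one extra TCP port opened on the firewall

    // Hypothetical remote interface standing in for the service the client calls.
    public interface LineState extends Remote {
        String status(String extension) throws RemoteException;
    }
    static class LineStateImpl implements LineState {
        public String status(String extension) { return extension + ": idle"; }
    }

    // Refuses every bind except the configured port, including 0 ("first available port").
    static class PinnedServerFactory implements RMIServerSocketFactory {
        private final int allowed;
        PinnedServerFactory(int allowed) { this.allowed = allowed; }
        @Override public ServerSocket createServerSocket(int port) throws IOException {
            if (port != allowed) throw new IOException("RMI bind to port " + port + " refused");
            return new ServerSocket(port);
        }
        @Override public boolean equals(Object o) {
            return o instanceof PinnedServerFactory && ((PinnedServerFactory) o).allowed == allowed;
        }
        @Override public int hashCode() { return allowed; }
    }

    // Travels to the client inside the stub, so it must be Serializable.
    static class PlainClientFactory implements RMIClientSocketFactory, Serializable {
        @Override public Socket createSocket(String host, int port) throws IOException {
            return new Socket(host, port);
        }
        @Override public boolean equals(Object o) { return o instanceof PlainClientFactory; }
        @Override public int hashCode() { return 1; }
    }

    public static void main(String[] args) throws Exception {
        System.setProperty("java.rmi.server.hostname", "127.0.0.1"); // loopback demo only
        Registry registry = LocateRegistry.createRegistry(REGISTRY_PORT);
        LineStateImpl impl = new LineStateImpl();
        // Exporting with port 0 here would ask for a random port; the factory rejects that.
        Remote stub = UnicastRemoteObject.exportObject(impl, OBJECT_PORT,
                new PlainClientFactory(), new PinnedServerFactory(OBJECT_PORT));
        registry.rebind("LineState", stub);
        System.out.println(stub); // print the stub to check its advertised endpoint against the firewall rule
        LineState client = (LineState) LocateRegistry.getRegistry("127.0.0.1", REGISTRY_PORT).lookup("LineState");
        System.out.println(client.status("2001")); // second TCP session goes to OBJECT_PORT
        UnicastRemoteObject.unexportObject(impl, true);
        UnicastRemoteObject.unexportObject(registry, true);
    }
}
```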