Cisco SBC Signal and media port range

We are configuring Cisco 44XX series SBC/CUBE for MS Teams direct routing configuration with NAT configuration. We are following the doc below, but it does not mention the default SBC port range for configuration. What is the default media port range on Cisco SBC/CUBE?

https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/interoperability-portal/deploying-a-multi-tenant-direct-routing.pdf

Could you please guide us on what the signal and media port range will be on Cisco SBC for MS Teams direct routing for NAT configuration?

3. Ports that will be requested on the SBC from the Microsoft side
4. Ports that will be requested on the Microsoft side from the SBC end

| Traffic | From | To | Source port | Destination port |
|---|---|---|---|---|
| SIP/TLS | SIP Proxy | SBC | 1024 – 65535 | Defined on the SBC (For Office 365 GCC High/DoD only port 5061 must be used) |
| SIP/TLS | SBC | SIP Proxy | Defined on the SBC | 5061 |

| Traffic | From | To | Source port | Destination port |
|---|---|---|---|---|
| UDP/SRTP | Media Processor | SBC | 3478-3481 and 49152 – 53247 | Defined on the SBC |
| UDP/SRTP | SBC | Media Processor | Defined on the SBC | 3478-3481 and 49152 – 53247 |

Can we use TCP 5061 for SIP signal and media port range 16384-32767 on Cisco SBC/CUBE?

Accepted Solutions

Vaijanath Sonvane
VIP Alumni

Hi @madhav.kumar.bhardwaj12.,

Most Cisco documentation specifies that RTP & RTCP traffic will use a dynamically chosen port number in the range 16384 to 32767, with RTP using an even port number & RTCP using the subsequent odd numbered port.

However, as of IOS XE 3.10.2 the 4000 series routers actually use the range 8000 to 48200 by default. You can use the configuration below on the CUBE router to limit the range of RTP ports:

voice service voip
  rtp-port range 16384 32766

Recently I did a similar project to integrate a Cisco 8000 Router with MS Teams Direct Routing and prepared the attached port document. Hope this is helpful to you.

The updated information regarding signaling and media ports is available on the Microsoft site:

https://learn.microsoft.com/en-us/microsoftteams/direct-routing-plan

Please rate helpful posts and if applicable mark "Accept as a Solution".
Thanks, Vaijanath S.

Thanks @Vaijanath Sonvane for the quick response. The shared doc is really helpful. I have additional queries:
1. For 8XXX service SBC, can I use the same media port range UDP 16384 to 32766?

2. We are configuring the SBC without the Media bypass option, which means we are using NAT on SDWAN with an internal IP address on the SBC which will be mapped to the public IP address of SDWAN. To create DNS A records in the public DNS server for SBC FQDN mapping to the public IP address, I assume we need to use the SDWAN public NAT IP address for the DNS A record for the SBC FQDN. Correct?

3. What are the best security policies or configurations on Cisco CUBE/SBC which we can implement to protect it from Internet access, such as an ACL configuration to allow only MS Teams traffic, etc.?

Vaijanath Sonvane
VIP Alumni

Hi @madhav.kumar.bhardwaj12,

1. Yes, you can use this port range. 

2. This is how I have deployed SBCs for a customer with 1:1 NAT. The public DNS record must have the SBC FQDN with the NATed public IP address.

3. As the SBC router is behind the firewall, we allowed only the IP address ranges and ports mentioned in the document on the firewall.

Please rate helpful posts and if applicable mark "Accept as a Solution".
Thanks, Vaijanath S.
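
The allow-list approach described in the last reply, as an added example that is not part of the original thread: it builds default-deny rules from the port table in the question and the `rtp-port range` line in the accepted answer, then checks flows against them. The IP ranges (documentation addresses), the SBC listen port 5061 and the ephemeral source range for SBC-initiated TLS are assumptions; substitute the ranges Microsoft publishes and your own NATed address.

```python
import ipaddress
import re

# Placeholders (assumptions, not from the thread): replace with the address
# ranges Microsoft publishes and with your own NATed SBC address.
MS_SIGNALING = ipaddress.ip_network("203.0.113.0/25")
MS_MEDIA = ipaddress.ip_network("203.0.113.128/25")
SBC = ipaddress.ip_network("198.51.100.10/32")
SBC_SIP_PORT = 5061                      # assumed TLS listen port on the SBC
EPHEMERAL = [(1024, 65535)]              # assumed source ports for SBC-initiated TLS
MS_MEDIA_PORTS = [(3478, 3481), (49152, 53247)]   # from the thread's port table

# Constructed sample: the CUBE snippet from the accepted answer.
CUBE_CONFIG = """voice service voip
  rtp-port range 16384 32766
"""

def rtp_range(cube_config):
    """Return (min, max) from the 'rtp-port range <min> <max>' line."""
    m = re.search(r"^\s*rtp-port range (\d+) (\d+)\s*$", cube_config, re.M)
    if not m:
        raise ValueError("no rtp-port range configured")
    return int(m.group(1)), int(m.group(2))

def build_rules(cube_config):
    """Allow rules: (proto, src_net, src_ports, dst_net, dst_ports)."""
    media = [rtp_range(cube_config)]
    sip = [(SBC_SIP_PORT, SBC_SIP_PORT)]
    return [
        ("tcp", MS_SIGNALING, EPHEMERAL, SBC, sip),
        ("tcp", SBC, EPHEMERAL, MS_SIGNALING, [(5061, 5061)]),
        ("udp", MS_MEDIA, MS_MEDIA_PORTS, SBC, media),
        ("udp", SBC, media, MS_MEDIA, MS_MEDIA_PORTS),
    ]

def in_ports(port, ranges):
    return any(lo <= port <= hi for lo, hi in ranges)

def is_allowed(rules, proto, src, sport, dst, dport):
    """Default deny: a flow passes only if one rule matches every field."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        proto == p and s in sn and d in dn
        and in_ports(sport, sp) and in_ports(dport, dp)
        for p, sn, sp, dn, dp in rules
    )

RULES = build_rules(CUBE_CONFIG)
```

Because the media rules are derived from the CUBE configuration, a port such as 8000 that falls inside the 4000 series default range but outside the configured `rtp-port range` is denied, which keeps the firewall and the SBC in agreement.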