Cisco Unified Communication Manager 14 - 1 way audio on internal calls

Simon Roberts · ‎11-21-2023

Hello,
We're experiencing 1-way audio issues between 2 instances of Cisco Jabber; 1 device is connected to the LAN and another is connected to the LAN via Global Connect. The call is established ok but 1 way audio issues occur
The network engineer reports that firewall rules are blocking traffic, in this instance, UDP ports 50010 and 50046 are being blocked
I can find no reference in Cisco documentation that this port range needs to be unblocked.
I've located another non-cisco article that mentions UDP 8500 - 59999 needs to be opened for RTP and Phone Signalling. Can anyone explain what is going on here, thanks in advance, Simon

Roger Kallberg · ‎11-21-2023

There are two things of communication that needs to be allowed for a call to be in full working order. First both of the parties in the call need to be able to communicate with the CM system(s) for signaling, then when the call is established both of the parties in the call need to be allowed to communicate directly with each other for the media traffic. By the sound of what you describe the later is not allowed and that’s why you cannot hear anything in the call. There are very good resources with documentation for what ports various parts of the Cisco UC system requires. Have a look at these and let your firewall administrator know what to allow. That should solve your problem.

Simon Roberts · ‎11-22-2023

thanks, Roger for your response

I've been using this article which defines ports that need to be open in various scenarios. What it doesn't seem to cover is the scenario of an internal network separated by a firewall i.e. GlobalProtect.

From a security standpoint our network engineers want to restrict the flow of traffic between the on-premise environment and external access via Global Protect. Should we be deploying an expressway to handle voice traffic in the above scenario?

thanks

Roger Kallberg · ‎11-22-2023

@Simon Roberts wrote:

I've been using this article which defines ports that need to be open in various scenarios. What it doesn't seem to cover is the scenario of an internal network separated by a firewall i.e. GlobalProtect.

From a communication point of view there is really no difference what you'd need to allow regardless of topology. All the ports listed in the document is needed to be let through whatever device you have that would block it. Using Expressway to connect disconnected, or at least not fully connected, networks is an option, but you should know that there are limits to how many clients you can have connecting via one Expressway pair. This can be expanded up to a point by adding more nodes to the C and E clusters and by having multiple entities of Expressway clusters.

Carlo Poggiarelli · ‎11-22-2023

Hi Simon,

Cisco suggests to deploy Mobile Remot Access Service to give remote users the ability to communicate with the corporate.

This involves the implementation of a cluster of Expressway Core and one cluster of Expressway Edge.

Here you can find a document on how to implement the solution https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-5/exwy_b_mra-expressway-deployment-guide/exwy_b_mra-expressway-deployment-guide_chapter_00.html

HTH

Regards

Carlo

Please rate all helpful posts "The more you help the more you learn"