cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2618
Views
11
Helpful
10
Replies
Suresh Subramanian
Rising star

CUCM 8.6.2 RTP Port 4000

We have CUCM 8.6.2 behind the firewall and we have Ascom IP DECT phone integrated with that.

In Firewall, we see traffic from DECT to CUCM is denied when the destination IP is CUCM IP address and destination port is 4000.

source is DECT IP address with port 20020

We have not opened this port 4000 in firewall, that is why the traffic is denied.

However we would like to know who decided the port 4000 and why? is that CUCM or Ascom? I couldn't find anything from ccm logs during the particular time.

I suspect it is CUCM negotating port 4000 for media.

4000 - 4005  -->  These ports are used as phantom Real-Time Transport Protocol (RTP) and Real-Time Transport Control Protocol (RTCP) ports for  audio, video and data channel when Cisco Unified CM does not have ports for these media.

Any help would be much appreciated.

Thanks in advance

//Suresh Please rate all the useful posts.
10 REPLIES 10

Port 4000 is usually used by CUCM for MOH..

This is a sample trace of CUCM using port 4000 for MOH. If you are using h323 gateway you will see this is the h245 q931 logs.

v=0
o=CiscoSystemsCCM-SIP 919861 3 IN IP4 10.115.140.94
s=SIP Call
c=IN IP4 10.100.140.76---------------------MOH server
t=0 0
m=audio 4000 RTP/AVP 0
a=X-cisco-media:umoh
a=rtpmap:0 PCMU/8000
a=ptime:20
a=sendonly

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts

I guess, the ANN will also use 4000. is that correct?

also, is there way we can change this media port from 4000 to standard range (16384-32767)?

//Suresh Please rate all the useful posts.

Suresh,

I guess so, from memory I think it does. Havent done a test recently

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts

As I said earlier, we have the CUCM behind the firewalls and the port 4000 is not opened in FW. but still the endpoints are hearing the MoH from CUCM. how is that possible?

//Suresh Please rate all the useful posts.

I suggest you check the CUCM traces..What I know is that thats the port used to play MOH

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts

>> This is the snippet of the traces going to the SIP phone

12:30:32.865 |//SIP/SIPUdp/wait_SdlSPISignal: Outgoing SIP UDP message to 10.21.15.39:[2123]:

[917301819,NET]

ACK sip:72022@10.21.15.39:2123;transport=UDP SIP/2.0

Via: SIP/2.0/UDP 113.112.89.19:5060;branch=z9hG4bK912ac5d33aa8bb5

From: "Suresh" <00006>;tag=305789291~e4066516-2467-4c7d-ae0c-e82ad64dd0c5-40711219

To: <72022>;tag=3779702074

Date: Tue, 21 May 2013 10:30:32 GMT

Call-ID: 4eeea300-19b14c87-8f04cf1-13317099@113.112.89.19

Max-Forwards: 70

CSeq: 104 ACK

Allow-Events: presence

Content-Type: application/sdp

Content-Length: 174

v=0

o=CiscoSystemsCCM-SIP 305789291 7 IN IP4 113.112.89.19

s=SIP Call

c=IN IP4 113.112.88.22

t=0 0

m=audio 4000 RTP/AVP 0

a=rtpmap:0 PCMU/8000

a=ptime:20

a=sendonly


>> can the cucm change the port number for MoH? and will it fallback to known port if one port is blocked?     

//Suresh Please rate all the useful posts.

This confirm that this is the port that CUCM is playing MOH on. I am not aware of any way that CUCM will change the port. Onething to note is that this is a unidorectional media. CUCM is just sending media and the phone listening. I suggest you look at your firewal traces and see what is happening to this call..Does the firewall block the port 4000? Have a look..the answer might lie there

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts

Hi, I know the thread is old but I like to understand.

Here I could say, yes my ACL blocks clinet UDP high src port to CUCM 4000 dst port.

Why the client sends if it is MoH?

 

Paul

Hi Paul,

 

Actually the communication never happens on port 4000. 

This is just a dummy port number sent across from CUCM to other side to make the SIP SDP complete. 

 

Example : This is part of SIP SDP sent from CUCM to other side which is put on hold .

 

m=audio 4000 RTP/AVP 0
a=X-cisco-media:umoh
a=sendonly

 

Here Sendonly means that the communication would unidirectional ; just from the MOH server to the other end. Since the other end need not send any RTP to the MOH server, there is no need to send the destination port number of MOH to other side ; in fact such port is never opened. 

 

Hope that helps..

 

 

 

I also want to tell something..

after the negotiation with sip offer based demmy port, the real source port that moh is speak with is one of the rtp range 16384-32766

so what is the big deal to write the real port insread of the fake port?

how the far end will know whos udp port going to speak with him?

 

Content for Community-Ad

Spotlight Awards 2021