Dear Cisco Support community,
I need to set up a intercluster environment and I`m having some questions about that:
IP PHONE (192.168.100.20) -> CUCM (192.168.100.5) -> H.323 GW (192.168.100.1) -> FW ASA 5510 -> VPN SITE TO SITE -> FW ASA 5510 -> H.323 GW (192.168.200.1) -> CUCM (192.168.200.5) -> IP PHONE (192.168.200.20)
I need to know if the call signaling and RTP traffic will occur only between H.323 GW or will occur end to end IP Phones? I need to know that, because I want to enable the correct traffic on the firewall.
The call signaling will be between the CUCM(s), RTP Flow is end to end.
Take a look on this link to enable voice traffic through ASA/PIX:
Rate this if helps!
For intra-cluster communication over VPN you need to configure Inspection of Voice and Video Protocols
The options are:
H323 Inspection - You must permit traffic for the well-known H.323 port 1719 for RAS signaling. Additionally, you must permit traffic for the well-known H.323 port 1720 for the H.225 call signaling; however, the H.245 signaling ports are negotiated between the endpoints in the H.225 signaling. When an H.323 gatekeeper is used, the ASA opens an H.225 connection based on inspection of the ACF and RCF nmessages.
MGCP Inspection - MGCP is a master/slave protocol used to control media gateways, MGCP messages are transmitted over UDP.
MGCP Gateways usually receive signal/command from Call agente (CUCM) on UDP port 2427 and Call agent receive from GW usually on UDP port 2727.
RTSP Inspection - RTSP is used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/TV connections. RTSP applications use the well-known port 554 with TCP (rarely UDP) as a control channel also TCP 8554.
SIP Inspection - SIP works with SDP for call signalling. SDP specifies the ports for the media stream, usually TCP and UDP port 5060 and 5061
SCCP Inspection - Skinny (SCCP) is a simplified protocol used in VoIP networks, normal traffic between Cisco CallManager and Cisco IP Phones uses SCCP
You can use this doc to help you understand better Cisco Unified Communications Manager TCP and UDP Port Usage
Also refer the Secure Gateway and Trunk Configuration Checklist
Have in the mind that once the Call has been completed the CallAgent CUCM server in itself is no longer involved in the call.
Thanks Leonardo for the nice rating and feedback!!!!