ā04-03-2014 06:27 AM - edited ā03-16-2019 10:21 PM
Hi,
We have Cisco CUBE and CUCM 8.x version. We need to establish a SIP trunk between our Cisco CUBE with clients SBC(Session Border Controller) which is non Cisco. As per the client we should allow UDP RTP range of 55000-57500(SIP payload) on our firewall for the communication.As per my knowledge Cisco uses UDP/RTP range of 16384 - 32767.
- Is this a concern as UDP RTP range used at both ends between CUBE and non Cisco SBC is different? How do they negotiate RTP port numbers?
- In this scenario what is the UDP RTP port to be open on firewalls at both the end?
Thanks
KMS
ā04-03-2014 08:04 AM
CUBE should be able to handle whatever port the destination chooses in the SIP messaging. CUBE just will use its own range for choosing a UDP source port. You would have to open up both port ranges or you could just rely on SIP inspection on the firewalls to open up the RTP pinholes automatically by looking at the SIP messaging. That should work fine assuming you're not using TLS.
ā04-03-2014 08:36 AM
(+5) to Brian, I pay attention when he speaks
Contrary to many people's idea of UDP ports, their significance is local. CUBE can send UDP on any port range and can also receive rtp on any port range as long as your firewalls permit them. Infact some of cisco's product do not use the standard udp port range eg Cisco VCS servers. You can define your rtp port range to values you want. In newer versions of IOS, you can actually configure your rtp port range..
ā04-03-2014 10:48 PM
Thanks for the reply. I have below question-
- Client want to know what UDP port range should be allowed on there firewall to allow traffic from the CUBE. If I dont change the default settings on CUBE,should it be UDP 16384 - 32767?
- Can I define the range on CUBE as UDP 55000-57500 for the connection to match with Clients UDP range? Will modifying the range affect other SIP connections on the CUBE?
Thanks
KMS
ā04-04-2014 02:14 AM
Client want to know what UDP port range should be allowed on there firewall to allow traffic from the CUBE. If I dont change the default settings on CUBE,should it be UDP 16384 - 32767?
----YES
Can I define the range on CUBE as UDP 55000-57500 for the connection to match with Clients UDP range? Will modifying the range affect other SIP connections on the CUBE?
---You don't need to do any thing on the CUBE. Just allow these ports on your firewall along with the standard udp range (16384 - 32767)
ā04-04-2014 08:02 AM
It seems like you can change the RTP port change on IOS-XE. You'd have to try it on IOS. It looks to only be a global setting:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube_proto/configuration/xe-3s/cube-proto-xe-3s-book/voi-ip6-voip.html#task_39847922DDE9413BAFE73A80EE44EA5D
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide