Hi Paul,

That is actualy quite handy. But i am looking for the full list.

Right now its compiled as a flat list, but I would like to see to where the ports are going. So where does port 500 go to, where does port range 50000-54999 go to. These are obviouse ones, but i hope you know what i mean.

Its more easy for network administrators if we can provide them with a list that resambles my example above.

Hi Pieter,

I understand your problem , however you need to be little specific on which particular ports you require when deploying TP setup for customer or for your own network . The reason I am writing this down is , Cisco recommends and have published different guides for particular deployment scenario. For Eg -

• There is a particular port guide for VCS control and VCS expressway.
• There is a particular port guide for deploying VCS with Lync Server
• There is particular port guide for deploying Endpoints with respect to H323/SIP which consists of H323/SIP ports along with Media ports.

Hence, you can search for particular those guides when deploying TP Solution.

Thanks,

Saurabh

Hi Pieter,

it depends on what list you want to sent to your firewall admins.

I think it's quite a good list, if you send them the VCS Outbund  and Inbound Ports, because there are all IP addresses listed, which are needed. So there is the Source IP & Destination and Port range specified.

You could also find the purpose of that ports, so you could tell your fw admins, why you need that port.

As Saurabh said, it's good to look at the Admin, Install and Deployment Guides to understand in more detail what the ports are for.

Hello!

I agree with Pieter that the documentation could be optimized, some better and streamlined overview

in the admin guides of all components and a tp  firewall guide collecting all info would be a great help for many users.

Just as an example of his list,

that does not fit. The dst for the VCS is correct, the port range itself is for media and not h323/h245.

Media for the MCU could come from/to the codians ephemeral ports which are: 49152 to 65535 and its udp not tcp (see:

http://www.cisco.com/en/US/docs/telepresence/infrastructure/articles/conferencing_products_conferenceme_ports_used_kb_3.shtml )

It would also be needed to exist in the other direction from the VCS to the MCU.

As Paul mentioned working together with the firewall admin is always a good idea. Most firewalls have a capability to

show you what gets blocked, that can also help you here.

I can also recommend to review the mentioned documents or as this can become quite complex

to contact your Cisco partner or an external consultant to help you.

Hi Guys,

I am aware that every port is listed in some sort of documentation, but i thought there would be one document with the whole listing. I already started to compile a list for myself, But it's a lot of research, also dependant on versions.

@Martin, unfortunately I am the consultant people are turning to for firewall advice

Thanks for the replys!

Hi Pieter.

Most telepresence devices is mentioned in this link

http://www.cisco.com/en/US/docs/telepresence/security_solutions/ctss_app_a.html

//Marius

Hi Marius,

Thank you for that link. It contains the sort of lists i am looking for. But it does not contain the former Tandberg portolio like VCS, MCU etc.

If sombody got those lists for VCS, MCU, TP Server, TMS, Endpoints than i am a happy man.

Hi Peter,

this is the base list, I use for installations.

SIP / H323 all internal Jabber Client Networks to VCS Control

SIP

UDP 5060

TCP 5060-5061

H323

UDP 1718-1719

TCP 1720

TCP 15000-15499

Media Ports between Video endpoints, VCS Control and MCU (both directions)

RTP & RTCP UDP 50000 - 54999 (>= X7.2, before: 50000 - 52399)

// Comment: normally endpoints use 2326 to 2486, but I use the same port range on all device to ease firewall configuration

from TMS to Cisco Endpoints

SNMP UDP 161

HTTP TCP 80

HTTPS TCP 443

SSH TCP 22

from Cisco Endpoints tom TMS

HTTP TCP 80

HTTPS TCP 443

SNMP Traps UDP 161

from Cisco VCS Control to VCS Expressway

H323 UDP 6001

RTP UDP 2776 - 2777

H323/RTCP TCP 2776 - 2777

SIP TCP 7001

from TMS to VCS Expressway

TCP 80

TCP 443

TCP 22

UDP 161

VCS Expressway to TMS

TCP 80

TCP 443

Internet to VCS Expressway

SIP

TCP 5060-5061

H323

UDP 1718-1719

TCP 1720

TCP 15000-15499

Assent (FW Traversal for Cisco Endpoints)

UDP & TCP 2776-2777

RTP & RTCP

UDP 50000 - 54999 (>= X7.2, before: 50000 - 52399)

TURN Relay

UDP 3478

UDP 60000-61399

VCS Expressway to Internet

UDP > 1024

TCP > 1024

Great list, thanks for posting Paul. 

My customer will have the following separated by a firewall:

VCS-C / TMS / MCU / VC endpoints CUCM / TPS / TX endpoints

Given the above will the following apply?

CUCM <> VCS-C
5060 TCP UDP

VCS <> TelePresence Server
SIP
5060 TCP UDP
H323
UDP 1718-1719
TCP 1720
                                                  
Media Ports between Video endpoints and TelePresence Server (both directions)
RTP & RTCP UDP 50000 - 54999 (>= X7.2, before: 50000 - 52399)

Have I missed anything?

Many thanks

Trevyn

This is a good doc for all ports too.

http://www.cisco.com/web/DK/assets/docs/presentations/Video_Update_Video_ports_31mar11.pdf

I'm seeing an endpoint try to communicate with TMS from port 161 to port 2010. What is port 2010 used for?