yes that right I have seen that, I think now is not possible because for the update the Port which are important change are: 50000 - 50001 this must be open, and this Ports I can not configure this on the inside VCS-Control.

Hi Greorg,

Also be aware that you may need to update the port range on the FIREWALL (if applicable) in an all x8.x environment in any case.

By default, an update of a VCS from x7 to x8 will shift the De-multiplexing ports to 50000 and 50001, however, new VCS on x8 will have the De-multiplexing ports on 36000 and 36001. This is maybe something to consider when upgrading and whether you want to update the port ranges on the upgrade to match a NEW install. This is the avenue we have decide to take as we will know that all our VCSs will match going forward.

Cheers

Chris

Hello All,

We ran into an issue with a costumer of ours who is using a third party VCS-E link for their VCS-C traversal conference link. (they own an VCS Control and several end points).

The videoconference provider updated there platform to X8.x and the Control is still running on X7.x. The customer was confronted with the fact that no videoconference calls where possible any more.

I read the release notes of the X8.x software version and I could not find that traversal Links are affected by this software upgrade, only End points.

Looking at the admin interface of the VCS there is no fault indication or error message what so ever( on the traversal link).

After opening the extra IP ports in the firewall  (50000 and 50001) we got het service back up and running.

In My opinion is this chance in ports at a software upgrade un acceptable without a big warning marker in de software release guide.

Because of the heard bleed issue there should be a maintenance software release for older software versions X6 & X7 as well.

Best regards Bert-Wietze

Hi Bert-Wietze,

The release notes spell out the firewall port changes pretty well for the traversal zone in my opinion.  These have been discussed at length in a few threads in these forums already by myself and others.

There is also a Heartbleed fixed release for the earlier versions X7.2.3 to be precise.  It doesn't include some of the other vulnerability/security fixes that X8.1.1 does though.  Again - this has been discussed here in quite a few recent threads if you do a search, or look at one of my earlier replies in this thread.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Hoi Wayne,

In my point of view there are 2 kinds of traversal zones, 1 is for end points en 2 is VCS-c & VCS-e link.

I toke the time to read some diployment guides again.

And see that I understood it in a different way, I tought that only the ports 2776, 2777 & 6001 ware used for traversal communication between VCSc & e

But the VCS-c is using more I see.

Bert

Hi Bert-Wietze

I think also in the Rel Note was for me enough Info which ports are used, a little bit confused reagrding the Ports 50000-59999

But if you look in to the Firewall Port deployment guide you se exactl whic port are used in every situation.

http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-1/Cisco-VCS-IP-Port-Usage-for-Firewall-Traversal-Deployment-Guide-X8-1.pdf

For me was not really apparent if you have on the VCS-C 7.2.2, because you can not change the destination Port on the VCS-C which are make the connection to the VCS-E.

But now for me I everithing clear/OK  I will Update both sites and makes the change on the Firewall and so I'm on the safe side.

Regards

Georg

Hi Bert,

The "Traversal" refers to a firewall traversal, and this is usually between the C and E (not the endpoint and the C on the local LAN).

If you look in the Port Reference section of the Release Notes, it sets out the inbound and outbound ports quite clearly (Tables 5 and 6 - Pages 19-22).

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

I think its at least a strange thing, the ports would also need to be changed checked / adjusted if you upgrade.

I had now gotten an other feedback that building up a traversal zone in between X7 and X8 is not

an issue. I had tested it in my lab and it seems to look ok.

X8.1 on the VCS-E and X7.2.2 on the VCS-C, so it would be interesting to hear if some one

with this combination actually had issues in some way? (as this is more important for me than that it works)

From how I see it from the controversy I had with TAC nothings changed, besides the definition that its now possible, ...

Sure I would double check that the ports used are as expected after the upgrade and that they are open in the firewall.