Installing Cisco TelePresence Expressway Control (Cisco Expressway-C)
To review the various use cases where Cisco Expressway-C can be deployed, see the Cisco Hosted Collaboration Solution Solution Reference Network Design Guide.
To install the product, see the Cisco Expressway on Virtual Machine Installation Guide: http://www.cisco.com/c/en/us/support/unified-communications/telepresence-video-communication-server-vcs/products-installation-and-configuration-guides-list.html.
Cisco Expressway software is available from the Cisco.com software download site: http://www.cisco.com/c/en/us/support/unified-communications/telepresence-video-communication-server-vcs/tsd-products-support-general-information.html.
What to do next
Continue with the Cisco TelePresence Video Communication Server Getting Started guide: http://www.cisco.com/c/en/us/support/unified-communications/telepresence-video-communication-server-vcs/products-installation-guides-list.html.
Unified Communications Port Reference
- Between your internal network (where the Expressway-C is located) and the DMZ (where the Expressway-E is located)
- Between the DMZ and the public Internet

Purpose | Protocol | Expressway-C (source) | Expressway-E (listening) |
---|---|---|---|
XMPP (IM and Presence) | TCP | Ephemeral port | 7400 |
SSH (HTTP/S tunnels) | TCP | Ephemeral port | 2222 |
Traversal zone SIP signaling | TLS | 25000 to 29999 | 7001 |
Traversal zone SIP media | UDP | 36002 to 59999 * | 36000 to 36001 * |

Purpose | Protocol | Expressway-E (source) | Internet endpoint (listening) |
---|---|---|---|
SIP media | UDP | 36002 to 59999 * | >= 1024 |
SIP signaling | TLS | 25000 to 29999 | >= 1024 |

Purpose | Protocol | Internet endpoint (source) | Expressway-E (listening) |
---|---|---|---|
XMPP (IM and Presence) | TCP | >= 1024 | 5222 |
HTTP proxy (UDS) | TCP | >= 1024 | 8443 |
Media | UDP | >= 1024 | 36002 to 59999 * |
SIP signaling | TLS | >= 1024 | 5061 |
HTTPS (administrative access) | TCP | >= 1024 | 443 |

Purpose | Protocol | Expressway-C (source) | Cisco Unified Communications Manager (listening) |
---|---|---|---|
XMPP (IM and Presence) | TCP | Ephemeral port | 7400 (IM and Presence) |
HTTP proxy (UDS) | TCP | Ephemeral port | 8443 (Cisco Unified Communications Manager) |
HTTP (configuration file retrieval) | TCP | Ephemeral port | 6970 |
Cisco Unity Connection (voicemail) | TCP | Ephemeral port | 443 (Cisco Unity Connection) |
Media | UDP | 36002 to 59999 * | >= 1024 |
SIP signaling | TCP/TLS | 25000 to 29999 | 5060/5061 |

\* The default media port range of 36000 to 59999 applies to new installations of X8.1 or later. The first two ports in the range are used for multiplexed traffic only. With large VM deployments, the first 12 ports in the range (36000 to 36011) are used. The previous default range of 50000 to 54999 still applies to earlier releases that have upgraded to X8.1.
Notes:
- Ports 8191/8192 TCP and 8883/8884 TCP are used internally within the Expressway-C and the Expressway-E applications. Therefore these ports must not be allocated for any other purpose.
- The Expressway-E listens externally on ports 7400 and 8883. We recommend that you create custom firewall rules on the external LAN interface to drop TCP traffic on those ports.
- The Expressway-E listens on port 2222 for SSH tunnel traffic. The only legitimate sender of such traffic is the Expressway-C (cluster). We recommend that you create the following firewall rules for the SSH tunnels service:
  - One or more rules to allow all the Expressway-C peer addresses (using the internal LAN interface, if appropriate).
  - A lower priority (higher number) rule that drops all traffic for the SSH tunnels service on the internal LAN interface, if appropriate. If so, create another rule to drop all traffic on the external interface.
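The following added example (not Cisco code or an Expressway API) models the firewall recommendations in the notes above as a priority-ordered rule list and audits it for gaps. The `Rule` fields, the `internal`/`external` interface labels, all addresses, and the default of allowing traffic when no custom rule matches are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int    # lower number = higher priority, evaluated first
    interface: str   # "internal" or "external" (hypothetical labels)
    source: str      # source network in CIDR form
    port: int        # destination TCP port on the Expressway-E
    action: str      # "allow" or "drop"

def decide(rules, interface, src_ip, port, default="allow"):
    """First match in ascending priority wins. The default models a listening
    service with no custom rule (an assumption of this example)."""
    ip = ipaddress.ip_address(src_ip)
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.interface, r.port) == (interface, port) and ip in ipaddress.ip_network(r.source):
            return r.action
    return default

def audit(rules, c_peers, probes):
    """Return findings where the rule set deviates from the recommendations."""
    findings = []
    for peer in c_peers:  # every Expressway-C peer must reach the SSH tunnel port
        if decide(rules, "internal", peer, 2222) != "allow":
            findings.append(f"Expressway-C peer {peer} is blocked on 2222")
    for iface, ip in probes:  # no other source may reach it, on either interface
        if ip not in c_peers and decide(rules, iface, ip, 2222) != "drop":
            findings.append(f"2222 reachable from non-peer {ip} on {iface}")
        if iface == "external":  # 7400 and 8883 must be dropped externally
            for port in (7400, 8883):
                if decide(rules, iface, ip, port) != "drop":
                    findings.append(f"{port} not dropped for {ip} on external")
    return findings

# Constructed sample data: two Expressway-C peers and two non-peer probe sources.
C_PEERS = ["10.0.10.11", "10.0.10.12"]
PROBES = [("internal", "10.0.20.5"), ("external", "203.0.113.9")]
GOOD = [Rule(1, "internal", "10.0.10.11/32", 2222, "allow"),
        Rule(2, "internal", "10.0.10.12/32", 2222, "allow"),
        Rule(50, "internal", "0.0.0.0/0", 2222, "drop"),
        Rule(51, "external", "0.0.0.0/0", 2222, "drop"),
        Rule(60, "external", "0.0.0.0/0", 7400, "drop"),
        Rule(61, "external", "0.0.0.0/0", 8883, "drop")]
# Misordered set: the drop rule outranks the allows, and no external rules exist.
BAD = [Rule(1, "internal", "0.0.0.0/0", 2222, "drop"),
       Rule(10, "internal", "10.0.10.11/32", 2222, "allow"),
       Rule(11, "internal", "10.0.10.12/32", 2222, "allow")]

if __name__ == "__main__":
    print(audit(GOOD, C_PEERS, PROBES), *audit(BAD, C_PEERS, PROBES), sep="\n")
```

The `BAD` set shows why the drop rule needs the higher priority number: placed first, it cuts off the Expressway-C peers while leaving the external interface unfiltered.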