Firewall Traversal Protocols And Ports; Expressway Process; H.323 Firewall Traversal Protocols; Sip Firewall Traversal Protocols - Cisco TelePresence Administrator's Manual
Telepresence video communication server
Hide thumbs
Also See for TelePresence:
- Administrator's manual (507 pages) ,
- Manual (24 pages) ,
- Specifications (7 pages)
Table of Contents
Advertisement
Grey Headline (continued)
Firewall traversal protocols and ports
Overview
Ports play a vital part in firewall traversal configuration. The
correct ports must be set on the VCS Expressway, traversal
client and firewall in order for connections to be permitted.
Ports are initially configured on the VCS Expressway by the
VCS Expressway administrator. The firewall administrator and
the traversal client administrator should then be notified of the
ports, and they must then configure their systems to connect to
these specific ports on the server. The only port configuration
that is done on the client is the range of ports it uses for
outgoing connections; the firewall administrator may need to
know this information so that if necessary they can configure the
firewall to allow outgoing connections from those ports.
The pages under the Maintenance > Tools > Port usage
menu show, in table format, all the IP ports that are
being used on the VCS, both inbound and outbound. This
information can be provided to your firewall administrator so that
the firewall can be configured appropriately. See the
section for further information.
Overview and
System
Introduction
status
configuration
D14049.08
November 2010
Expressway process
The Expressway™ solution works as follows:
1. Each traversal client connects via the firewall to a unique port
on the VCS Expressway.
2. The server identifies each client by the port on which it
receives the connection, and the authentication credentials
provided by the client.
3. After the connection has been established, the client
constantly sends a probe to the VCS Expressway via this
connection in order to keep the connection alive.
4. When the VCS Expressway receives an incoming call for the
client, it uses this initial connection to send an incoming call
request to the client.
5. The client then initiates one or more outbound connections.
The destination ports used for these connections will differ
for signaling and/or media, and will depend on the protocol
being used (see the following sections for more details).
Port usage
Cisco VCS
Zones and
Clustering and
configuration
neighbors
peers
Call
Bandwidth
processing
control
131
CISCO TELEPRESENCE
VIDEO COMMUNICATION SERVER
H.323 firewall traversal protocols
The VCS supports two different firewall traversal protocols for
H.323: Assent and H.460.18/H.460.19.
•
Assent is Cisco's proprietary protocol.
•
H.460.18 and H.460.19 are ITU standards which define
protocols for the firewall traversal of signaling and media
respectively. These standards are based on the original
Assent protocol.
A traversal server and traversal client must use the same
protocol in order to communicate.
The two protocols each use a different range of ports.
SIP firewall traversal protocols
The VCS supports the Assent protocol for SIP firewall traversal
of media.
The signaling is traversed through a TCP/TLS connection
established from the client to the server.
Firewall
Applications
Maintenance
traversal
ADMINISTRATOR GUIDE
Appendices
Advertisement
Table of Contents
