Ramraj Sivagnan... Sat, 08/18/2012 - 03:50

Hi Bro

The TCP and UDP ports that need to be permitted in your FW rules vary according to the VC product manufacturer. For example, if you were using Tandberg (recently acquired by Cisco), the TCP and UDP ports that need to be permitted are as defined in http://www.cisco.com/en/US/docs/telepresence/infrastructure/articles/conferencing_products_conferenceme_ports_used_kb_3.shtml


Generally, the TCP and UDP ports for VC are as listed below:

TCP/389
TCP/1002
TCP/1503
TCP/1720
TCP/1024-65535 & UDP/1024-65535
UDP/1718 - 1719


Note: You could include in your ACL "deny ip any any log" on the last line, to unearth more TCP and UDP ports, assuming they are not listed above.


Sometimes, you may need to disable the default inspects too (but do this as a last resort), assuming you do see packet drops when issuing the command "show service-policy global".


policy-map global_policy
 class inspection_default
  no inspect h323 h225
  no inspect h323 ras
  no inspect skinny
  no inspect sip





P/S: If you think this comment is useful, please do rate it nicely :-) and select the option "THIS QUESTION IS ANSWERED"
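An added example, not part of the original post: once "deny ip any any log" is the last ACL line, the ASA reports each hit as syslog message 106023, and the script below tallies the denied destination ports that fall outside the list given in the post. The log lines, addresses, interface names and the ACL name "outside_in" are constructed for illustration.

```python
import re
from collections import Counter

# Ports listed in the post above, as (protocol, low, high).
PERMITTED = [
    ("tcp", 389, 389), ("tcp", 1002, 1002), ("tcp", 1503, 1503),
    ("tcp", 1720, 1720), ("tcp", 1024, 65535), ("udp", 1024, 65535),
    ("udp", 1718, 1719),
]

# ASA syslog 106023: a packet was denied by an ACL (TCP/UDP form only).
DENY_RE = re.compile(
    r"%ASA-\d-106023: Deny (?P<proto>tcp|udp) "
    r"src (?P<sif>[^:\s]+):(?P<sip>[^/\s]+)/(?P<sport>\d+) "
    r"dst (?P<dif>[^:\s]+):(?P<dip>[^/\s]+)/(?P<dport>\d+) "
    r'by access-group "(?P<acl>[^"]+)"'
)

# Constructed sample log lines (documentation address ranges, made-up ACL name).
SAMPLE = [
    '%ASA-4-106023: Deny tcp src outside:198.51.100.20/49152 dst inside:192.0.2.10/443 by access-group "outside_in" [0x0, 0x0]',
    '%ASA-4-106023: Deny udp src outside:198.51.100.20/5004 dst inside:192.0.2.10/161 by access-group "outside_in" [0x0, 0x0]',
    '%ASA-4-106023: Deny tcp src outside:198.51.100.20/49153 dst inside:192.0.2.10/443 by access-group "outside_in" [0x0, 0x0]',
    '%ASA-4-106023: Deny tcp src outside:198.51.100.21/40000 dst inside:192.0.2.10/1720 by access-group "outside_in" [0x0, 0x0]',
    '%ASA-6-302013: Built inbound TCP connection 1 for outside:198.51.100.20/49154 to inside:192.0.2.10/1720',
]

def is_permitted(proto, port):
    """True if the protocol/port pair is covered by the list in the post."""
    return any(p == proto and lo <= port <= hi for p, lo, hi in PERMITTED)

def unlisted_denies(lines, acl=None):
    """Count denied (protocol, destination port) pairs not in PERMITTED."""
    hits = Counter()
    for line in lines:
        m = DENY_RE.search(line)
        if not m or (acl and m["acl"] != acl):
            continue
        proto, port = m["proto"], int(m["dport"])
        if not is_permitted(proto, port):
            hits[(proto.upper(), port)] += 1
    return hits

if __name__ == "__main__":
    for (proto, port), count in unlisted_denies(SAMPLE).most_common():
        print(f"{proto}/{port}: {count} denied")
```

A deny on a port that is already in the list (the TCP/1720 line in the sample) is not counted here; it indicates that the permit entry does not match that source, destination or interface.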
