10-04-2001 07:50 AM - edited 03-12-2019 12:47 PM
Hi All,
I have customer using our IP Phone 7960, but he has some sort of Firewall, I believe that they block the TCP Port. Therefore, I have to tell them to open the TCP Port for 7960.
Is there anyone know that what is the port number for IP Phone 7960???
Ken
Ken
10-04-2001 08:53 AM
TCP port 2000 is used for Skinny signaling to the CallManager. However there are a number of other ports that would be important to have open. For example:
UDP/69 - TFTP
TCP/80 - corporate directory, XML services. not always 80
UDP/67 - DHCP server
UDP/68 - DHCP client
UDP/16384-32767 - RTP audio
There are probably more I haven't thought of from the top of my head.
10-04-2001 09:00 AM
access-list avvid_in permit udp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq tftp
! Allow TFTP from the Voice Network to the CallManager Cluster Subnet
access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 2000
access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 2001
access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 2002
! Allow Skinny from the Voice Network to the CallManager Cluster Subnet
access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 1719
access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 1720
access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 range 11000
11999
! H.323 access from the Voice Network to the CallManager Cluster Subnet
access-list avvid_in permit udp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 2427
access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 2428
! MGCP from the Voice Network to the CallManager Cluster Subnet
access-list avvid_in permit tcp 172.21.0.0 255.255.0.0 10.21.100.0 255.255.255.0 eq 2748
! CTI (TAPI and JTAPI) for SoftPhone to the CallManager Cluster Subnet
access-list avvid_in permit tcp 172.21.0.0 255.255.0.0 10.21.100.0 255.255.255.0 eq 8404
! SoftPhone Directory to the CallManager Cluster Subnet
10-04-2001 07:12 PM
Opening a static TCP port to let media through may be hazardous to your customer's health. You should consider using specialized VoIP firewalls that open up dynamic pin holes on a per call basis.
10-05-2001 11:42 AM
What might those be? Is it an ios feature set? It sounds very useful. More info?
10-05-2001 02:53 PM
There is no surer way of opening certian ports on your firewall without putting the rest of the network at risk. Most of the ports mentioned here are known to hackers, and a little manipulation of the TCP packets could cause some buffer overflows, which translates into a home-run for the intruder. The safest solution is to get a VoIP Firewall. My company provides one of the very few out there for both h323 and SIP. Check out the whitepapers @ www.nextone.com, or contact me for more information. This is a serious issue, and most ISPs are realizing it now.
Eyabane
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide