
Firewall Problem with IP Phone!!

kennethh
Level 1

Hi All,

I have a customer using our IP Phone 7960, but he has some sort of firewall, and I believe that they block the TCP port. Therefore, I have to tell them to open the TCP port for the 7960.

Does anyone know what the port number is for the IP Phone 7960?

Ken


5 Replies

dgoodwin
Cisco Employee

TCP port 2000 is used for Skinny signaling to the CallManager. However there are a number of other ports that would be important to have open. For example:

UDP/69 - TFTP

TCP/80 - corporate directory, XML services. not always 80

UDP/67 - DHCP server

UDP/68 - DHCP client

UDP/16384-32767 - RTP audio

There are probably more I haven't thought of from the top of my head.

access-list avvid_in permit udp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq tftp

! Allow TFTP from the Voice Network to the CallManager Cluster Subnet

access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 2000

access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 2001

access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 2002

! Allow Skinny from the Voice Network to the CallManager Cluster Subnet

access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 1719

access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 1720

access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 range 11000 11999

! H.323 access from the Voice Network to the CallManager Cluster Subnet

access-list avvid_in permit udp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 2427

access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 2428

! MGCP from the Voice Network to the CallManager Cluster Subnet

access-list avvid_in permit tcp 172.21.0.0 255.255.0.0 10.21.100.0 255.255.255.0 eq 2748

! CTI (TAPI and JTAPI) for SoftPhone to the CallManager Cluster Subnet

access-list avvid_in permit tcp 172.21.0.0 255.255.0.0 10.21.100.0 255.255.255.0 eq 8404

! SoftPhone Directory to the CallManager Cluster Subnet

raj
Level 1

Opening a static TCP port to let media through may be hazardous to your customer's health. You should consider using specialized VoIP firewalls that open up dynamic pin holes on a per call basis.

What might those be? Is it an IOS feature set? It sounds very useful. More info?
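The per-call pinhole idea raised above, as an added example that is not part of any post in this thread and is not any vendor's implementation: a small Python model in which a UDP media port is reachable only from the negotiated peer and only while the call is up, compared with a static permit for the whole UDP/16384-32767 range. The class, the `on_media_open`/`on_call_end` event names, the call ID and the IP addresses are all constructed for illustration.

```python
from dataclasses import dataclass, field

RTP_RANGE = range(16384, 32768)  # UDP/16384-32767, the RTP range listed in the thread


@dataclass(frozen=True)
class Pinhole:
    phone_ip: str    # endpoint that will receive RTP
    phone_port: int  # UDP port negotiated for this call
    peer_ip: str     # the only source allowed to send to it


@dataclass
class PinholeFirewall:
    """Hypothetical model: media is denied unless signaling opened a pinhole."""
    open_by_call: dict = field(default_factory=dict)  # call_id -> set of Pinhole

    def on_media_open(self, call_id, phone_ip, phone_port, peer_ip):
        # Assumed hook: fired when signaling inspection learns the media address.
        if phone_port not in RTP_RANGE:
            raise ValueError(f"port {phone_port} is outside the RTP range")
        self.open_by_call.setdefault(call_id, set()).add(
            Pinhole(phone_ip, phone_port, peer_ip))

    def on_call_end(self, call_id):
        # Teardown closes every pinhole that belonged to the call.
        self.open_by_call.pop(call_id, None)

    def permits(self, src_ip, dst_ip, dst_port):
        wanted = Pinhole(dst_ip, dst_port, src_ip)
        return any(wanted in holes for holes in self.open_by_call.values())


def static_permits(dst_port):
    """Static rule: any source may reach any port in the range, at any time."""
    return dst_port in RTP_RANGE


def demo():
    fw = PinholeFirewall()
    # Constructed sample call: phone 10.1.1.20 receives RTP from 10.21.100.5.
    fw.on_media_open("call-1", "10.1.1.20", 20480, "10.21.100.5")
    during = fw.permits("10.21.100.5", "10.1.1.20", 20480)  # negotiated peer
    stray = fw.permits("192.0.2.9", "10.1.1.20", 20480)     # unrelated source
    fw.on_call_end("call-1")
    after = fw.permits("10.21.100.5", "10.1.1.20", 20480)   # call is over
    return during, stray, after, len(RTP_RANGE)
```

`demo()` returns whether the media packet is allowed during the call, from an unrelated source, and after teardown, plus the number of UDP ports the static range leaves open at all times.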

eyabane
Level 1

There is no surer way of opening certain ports on your firewall without putting the rest of the network at risk. Most of the ports mentioned here are known to hackers, and a little manipulation of the TCP packets could cause some buffer overflows, which translates into a home-run for the intruder. The safest solution is to get a VoIP Firewall. My company provides one of the very few out there for both H.323 and SIP. Check out the whitepapers @ www.nextone.com, or contact me for more information. This is a serious issue, and most ISPs are realizing it now.

Eyabane
