Cisco Support Community

In Cisco CallManager 4.x, the AC fails to work across a firewall, with the error message "error communicating with the server ports" and uses random TCP

Core Issue

The Cisco CallManager Attendant Console (AC) is supposed to use TCP port 2748 and ports 1099 through 1129. However, when a firewall is deployed between Cisco CallManager and the AC, it uses TCP ports outside of this range.

This problem occurs because the use of a firewall between the Cisco CallManager server and the AC client is not currently supported. A firewall is not supported because the AC uses some random ports for Remote Method Invocation (RMI) connections. Only one available port is used to initiate the RMI connection, starting with 1099. After the RMI connection is established, RMI uses a random TCP port (normally the first available port). Thus, the port cannot be specified in the firewall. If these random ports are not open, the AC fails and can display the "error communicating with the server" error message.

User Datagram Protocol (UDP) ports are mostly used for line state. The UDP port can be configured in the Advanced Settings dialog box. If no port is configured, the AC uses the first available UDP port (random).

So, if a free UDP port is specified (for example, port 1234 in the Attendant Settings dialog box), this port must be allowed in the firewall.

Note: Enter the UDP port as IP Address:UDP port in the Local Host IP Address (for line state) field, under the Advanced tab of the Attendant Settings dialog box. For example, if port 1234 is used, 10.1.30.10:1234 must be written in the Advanced Settings dialog box. UDP communication takes place on this port thereafter.

There are three types of communication between the AC client and server:

  • AC client to RMI (telephony call dispatcher)

    The client always connects to RMI at server port 1099 through 1129. Then, the server tells the client to establish a second TCP session with the server on a second TCP port. This port is randomly taken and there is no way to guarantee that a particular TCP port is always used.

  • AC client to Quick Buffer Encoding (QBE) (Computer Telephony Integration (CTI) manager)

    The QBE communication establishes a TCP session with the server at TCP port 2748.

  • AC client to Line State Server (LSS) (telephony call dispatcher)

    In this case, there is UDP LSS traffic coming from the servers. This can be fixed in the Advanced Settings dialog box.

The ports specified in the Services Parameters dialog box are used by Cisco CallManager to listen to Termination Call Detail (TCD) requests, initialize the AC clients and offer line state information to the clients. These TCP ports must not be changed.
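
As an added example (not Cisco code and not part of the original article), the three traffic types above can be turned into a triage script for firewall logs: it labels denied flows between one AC client and the server as QBE, initial RMI, the follow-on RMI session, or line-state UDP. The log format, the server address 10.1.10.5 and all function names are assumptions made for the illustration; 10.1.30.10:1234 is the client line-state setting used in the note above.

```python
from collections import namedtuple

QBE_PORT = 2748                      # CTI manager (QBE), per the article
RMI_PORTS = range(1099, 1130)        # initial RMI connection, 1099 through 1129
Flow = namedtuple("Flow", "action proto src sport dst dport")

def parse(line):
    """Parse one constructed log line: ACTION PROTO SRC:SPORT DST:DPORT."""
    action, proto, src, dst = line.split()
    (s_ip, s_port), (d_ip, d_port) = src.rsplit(":", 1), dst.rsplit(":", 1)
    return Flow(action.lower(), proto.lower(), s_ip, int(s_port), d_ip, int(d_port))

def classify(lines, server, client, lss_udp_port=None):
    """Label each flow between one AC client and the CallManager server."""
    seen_rmi = False          # has the client reached the RMI range yet?
    results = []
    for f in map(parse, lines):
        if f.proto == "tcp" and (f.src, f.dst) == (client, server):
            if f.dport == QBE_PORT:
                label = "qbe"
            elif f.dport in RMI_PORTS:
                label, seen_rmi = "rmi-initial", True
            elif seen_rmi:
                label = "rmi-second-session"   # random port, cannot be pinned in 4.x
            else:
                label = "unrelated"
        elif f.proto == "udp" and (f.src, f.dst) == (server, client):
            label = "line-state" if f.dport == lss_udp_port else "line-state-unpinned"
        else:
            label = "unrelated"
        results.append((label, f))
    return results

def blocked_ac_flows(lines, server, client, lss_udp_port=None):
    """Return (label, destination port) for denied flows that belong to the AC."""
    return [(label, f.dport) for label, f in classify(lines, server, client, lss_udp_port)
            if f.action == "deny" and label != "unrelated"]

# Constructed sample log (server address and ephemeral ports are illustrative only).
SAMPLE = """\
deny tcp 10.1.30.10:40000 10.1.10.5:445
allow tcp 10.1.30.10:40001 10.1.10.5:2748
allow tcp 10.1.30.10:40002 10.1.10.5:1099
deny tcp 10.1.30.10:40003 10.1.10.5:3561
allow udp 10.1.10.5:5000 10.1.30.10:1234
deny udp 10.1.10.5:5000 10.1.30.10:4321
""".splitlines()
```

The follow-on RMI label is a heuristic: once an initial RMI connection has been seen, any TCP flow from the client to a server port outside the documented ones is attributed to the second RMI session, so confirm against the AC error before changing rules.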

Resolution

The AC was not designed to work with a firewall or NAT. However, there is a feature request bug filed to lock down the port range. For more information, refer to Cisco bug ID CSCee21603.

This problem will be fixed in Cisco CallManager version 5.x because firewall support will be added to this release of AC, with a custom socket factory for RMI connections. Therefore, applications are able to specify a user-configurable TCP port for the RMI bind port at the server machine, through the AC server Service Parameters dialog box. A user-configurable TCP port can be selected for RMI callback at the AC client, through the Settings dialog box.

For now, the only workaround for this issue is to either unblock all the TCP ports or disable the firewall.


Version history: Revision 1 of 1. Last update: 06-22-2009 03:34 PM