Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Call Manager 7.x, Call Manager Express and Firewall

Hi everyone,

I am wondering if it is necessary for a call setup to have the following ports opened:

Call Manager Express: TCP 11000-65535,

Call Manager 7.x: TCP 32768-61000?

Thank you very much.

6 REPLIES
New Member

Re: Call Manager 7.x, Call Manager Express and Firewall

You Need to open TCP ports. IF CUCME/Gateway will be registered in CUCM as a Gateway then you need to open some extra port for SIP 5060, 5061 H.323 1720, 1721 and MGCP TCP or UDP 2427, 2727

New Member

Call Manager 7.x, Call Manager Express and Firewall

When a phone registered with the CME calls to another phone registered with the Call Manager 7 the phone rings but it gets disconnected when is off-hook. The firewall is blocking a call setup between the Call Managers. What ports need to be opened on a firewall to permit this type of communication (signalling)?

Thank you.

Call Manager 7.x, Call Manager Express and Firewall

Sonia,

If the CME gateway is communicating with the CUCM cluster then you are either using SIP or H323 for call signaling.  If you are using SIP and you are using the default ports then you will be using one of the following:

TCP or UDP 5060 

TCP 5061 (if you are using TLS)

If you are using H.323 then you will use TCP 1720 for H225 call setup and an ephemeral TCP port range for H.245 media negotiation. For CUCM, the ephemeral range is TCP 32768 – 61000. For CME, the ephemeral port range is TCP 11000 - 11999.

Check the following URLs:

CUCM:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/port/7_0/CCM_7.0PortList.pdf

CME:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/srnd/design/guide/multcme.html#wp1078455

In your call scenario, what symptoms are noticed when the CUCM phone answers the call? You said it gets disconnected? I assume that means you are receiving a fast busy on the CME phone. This points directly to media negotiation.

If, on the other hand, you hear one-way audio or no-way audio then the issue points more to the media set up between the two phones. Unless you are using the CUBE functionality on the CME (or a TRP or a MTP) then you will also need to allow UDP range 16384 - 32767 (bi-directional) between your CME and CUCM phone subnets.

HTH

-Bill
(b) http://ucguerrilla.com
(t) @ucguerrilla

Please remember to rate helpful responses and identify helpful or correct answers.

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

New Member

Re: Call Manager 7.x, Call Manager Express and Firewall

Hi Bill,

I think when the phone is off-hook first there is a silence for a couple of seconds and after that a fast busy tone. Do I need to open the firewall for TCP ports 32768-61000?

For the CME what ports need to be opened?

I looked into this document http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/srnd/design/guide/security.html#wp1080466, Table 10-1 and it shows that:

H.245

TCP 11000-65535

H.323 Call control, port assignment random

Thank you very much,

Sonia

Re: Call Manager 7.x, Call Manager Express and Firewall

Sonia,

The symptoms you describe are directly related to media negotiation failures. If you are using H.323 then you will need to open up the firewall to allow for the appropriate TCP ports. The CME SRND apparently has conflicting information. The link you provided is from the same document I referenced for range 11000-11999. I do not know which table is most accurate and, unless you want to experiment, I would go with the broader range. On your firewall, I would also specify the host IP addresses to minimize exposure.

HTH

-Bill
(b) http://ucguerrilla.com
(t) @ucguerrilla

Please remember to rate helpful responses and identify helpful or correct answers.

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

New Member

Re: Call Manager 7.x, Call Manager Express and Firewall

There is codec mismatch. Did you use any codec forcefully in dial-peer (which is pointing to CUCM). Better if you post your CME configuration here. Did you creat SCCP profile to reigster your MR in CUCM?

295
Views
0
Helpful
6
Replies
CreatePlease login to create content