New Member

opening up CME to internet

I want my IP phones and IP Communicator machines to be able to register and use CME without having to VPN in. Seems like the port usage is rather complicated, but this is what I have come up with so far.

access-list 101 permit udp any host eq tftp

access-list 101 permit tcp any host eq www

access-list 101 permit tcp any host eq 2000

access-list 101 permit udp any host range 24576 32768

In the example below, is the public IP of my CME box and is the TFTP server where I have copied and edited the config files with the public IP of the CME.

As of now the phones can register and dial-out but I am getting no audio.

Also, I see the phones requesting .tlv files from the tftp but I only have cnf files. What are the .tlv files for?

What am I missing for the audio?




Re: opening up CME to internet

The issue here is that you have an ACL applied on the outside interface. As we know, at the end of every ACL there is an implicit deny. Now, as you stated, the phones register and dial but there is no audio. Audio uses random UDP ports negotiated between the phones and CME. This needs to be solved in one of two ways.

One way, not good at all, is to open all UDP traffic between 16xx and 32xx.

The best way is to have application inspection, which in your case should be CBAC, which is available in the IOS firewall features. If you use an ISR, you mostly have this feature. This will open the port based on the session and close it after the end of the session (application inspection).

Good luck.

If helpful, rate.
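To put a number on why the reply calls the static-range approach "not good at all", here is an added example (not part of either post) that parses ACL lines shaped like the ones in the question and reports entries that leave a wide port range permanently open to any source. The address 192.0.2.10 is a constructed placeholder for the CME public IP that is missing from the post, and the `max_span` threshold is an assumption chosen for illustration.

```python
import re

# IOS port keywords used by the ACL lines in this thread.
NAMED_PORTS = {"tftp": 69, "www": 80}

# Constructed sample: the thread's ACL with a documentation address
# (192.0.2.10) standing in for the CME public IP the post omits.
SAMPLE_ACL = """\
access-list 101 permit udp any host 192.0.2.10 eq tftp
access-list 101 permit tcp any host 192.0.2.10 eq www
access-list 101 permit tcp any host 192.0.2.10 eq 2000
access-list 101 permit udp any host 192.0.2.10 range 24576 32768
"""

# Simplified grammar: only the "permit <proto> <src> host <dst> eq|range"
# form seen in the question, not the full IOS extended ACL syntax.
LINE_RE = re.compile(
    r"^access-list\s+(?P<acl>\d+)\s+permit\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>any|host\s+\S+)\s+host\s+(?P<dst>\S+)\s+"
    r"(?:eq\s+(?P<eq>\S+)|range\s+(?P<lo>\S+)\s+(?P<hi>\S+))$"
)

def port(token):
    """Resolve an IOS port keyword or a numeric port to an integer."""
    return NAMED_PORTS[token] if token in NAMED_PORTS else int(token)

def parse_acl(text):
    """Parse permit lines into dicts with protocol, source and port span."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip anything outside the simplified grammar
        lo = port(m["eq"] or m["lo"])
        hi = port(m["eq"] or m["hi"])
        entries.append({"proto": m["proto"], "src": m["src"], "dst": m["dst"],
                        "lo": lo, "hi": hi, "count": hi - lo + 1})
    return entries

def static_exposure(entries, max_span=16):
    """Entries that permit more than max_span ports from any source,
    regardless of whether a call is in progress (max_span is an assumption)."""
    return [e for e in entries if e["src"] == "any" and e["count"] > max_span]

if __name__ == "__main__":
    for e in static_exposure(parse_acl(SAMPLE_ACL)):
        print(f"{e['proto']} {e['lo']}-{e['hi']} to {e['dst']}: "
              f"{e['count']} ports open to any source at all times")
```

With session-based inspection as the reply recommends, the media ports are opened only for the duration of a call instead of staying in the ACL permanently.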

New Member

Re: opening up CME to internet

Thank you sir. I will take a look at that.