Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2865
Views
0
Helpful
6
Replies

TCP/UDP ports used by Call Manager for H 323 Communication

kvc
Level 1
Level 1

‎10-17-2003 08:56 AM - edited ‎03-13-2019 02:07 AM

Hi,

I have a Call Manager and IP Phones behind a Firewall. At the other side of the firewall i have a router with 2 FXS ports. I have connected two analog phones to these FXS ports. Now in the Call Manager i have added the router as a H 323 Gateway in order to have communication between the IP Phones and the Analog phones.

I want to know what ports are to be opened at the Firewall so that this communication can occur.

Thanks in advance

Labels:
0 Helpful
6 Replies 6

dugrant
Level 4
Level 4

‎10-17-2003 09:05 AM

http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a00801a62b9.shtml

Also make sure your firewall is "H.323 aware" so that it can dynamically open up the UDP ports used during H.245 negotiation.

0 Helpful

kvc
Level 1
Level 1
In response to dugrant

‎10-17-2003 09:34 AM

Hi,

Thanks for the reply.

If i correctly understand i need to open the following ports at the Firewall

UDP 16384 - 32667 ( for rtp traffic b/w Phones )

UDP 1719

TCP 1720

TCP 11000-65535 ( for H 323 Communications )

My doubt is can the communication between the phones be established by only opening up UDP 16384 - 32667.

Because If i have to open up all the ports mentioned as above then i am opening up almost all the TCP ports.

Awaiting your reply

Thanks

0 Helpful

dugrant
Level 4
Level 4
In response to kvc

‎10-17-2003 09:39 AM

Yes, you are right. This is why you need a firewall that is "H.323 aware", so that it can detect automagically what UDP ports are negotiated, and allow that traffic through.

Cisco IOS and PIX do this, so if you firewall is one of these youre OK.

0 Helpful

vmalhi
Level 1
Level 1
In response to dugrant

‎11-03-2003 05:47 AM

Why can't you enable H245 tunnelling so that H245 communication takes place over port 1720?

0 Helpful

sgamer
Level 1
Level 1
In response to dugrant

‎02-12-2004 02:58 PM

Dustin,

When I go to that link it says it's "under construction" so I assume it's being updated. Do you know when it will be published again?

0 Helpful

djones
Level 1
Level 1

‎10-24-2003 11:33 AM

If it's an h323-aware firewall ala PIX, you need a "fixup protocol h323 1720" which tells the FW to start to eavsdrop on port 1720 (h225 call setup) so it can glean the remainder of the ports to be opened (h245 & RTP).

The PIX acl or conduit must also allow the GW IP address in on port 1720 to begin the signalling process.

If you don't have an H323-aware FW, you have to allow ALOT of ports inbound from the GW:

TCP 1720 for h225,

TCP 4000-4999 for H245 (I think - the IOS gw's used a different range of ports than the AS5xxx gw's,

UDP 16384-32768 for RTP

Good luck,

/dan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents