Cisco Support Community

TMS ports

Hi Everyone,

I have a TMS in a DMZ and a couple of C20s in the LAN.

I have opened the following ports from the DMZ to the C20: 80, 443 TCP and 161 UDP. But TMS can't reach the C20.

What are the correct ports to open in the firewall to add the C20 to the TMS?

Thanks,

Carlo

Cisco Employee

TMS ports

Carlo,

You should refer to the Cisco TMS Admin Guide, in particular the section that discusses Support for Remote Systems/SoHo systems, on what is required when adding a remote system to the Cisco TMS:

http://www.cisco.com/en/US/docs/telepresence/infrastructure/tms/admin_guide/Cisco_TMS_Admin_Guide_13-1.pdf

TMS ports

Hi, I have checked that the ports required in the manual (TCP 80, 443 and UDP 161) are open in my firewall.

Any suggestions?

Cisco Employee

TMS ports

If possible, the easiest way to add a remote system to Cisco TMS is to first have the system registered in Cisco TMS before you bring it to the remote location. Before you unplug it, go to Edit Settings in the Settings tab for the system and click Enforce Management Settings. If the system will be behind a firewall that is not open or doesn’t have HTTP or HTTPS ports opened up, you also have to go to the Connection tab on that endpoint and change System Connectivity to Behind Firewall. Cisco TMS will then set the management address on that system to Cisco TMS external management address. When the system is plugged in from the remote location, the system will then send a boot event to Cisco TMS and from then on the system will be available from Cisco TMS, i.e. heartbeat.

If the above isn't possible, then you'll need to set the external management address of Cisco TMS on the endpoint. Note that this is the address that you've configured in TMS at Admin Tools > Configuration > Network Settings > Advanced Network Settings for Systems on Public Internet/Behind Firewall. When this has been set, the endpoint will send a register event to Cisco TMS, and when Cisco TMS receives this and notices that the system is not already in Cisco TMS, it will add it to a list. One must then add the system to Cisco TMS afterwards.

If your system is in public, not behind a firewall or behind a firewall that has opened up the HTTP or HTTPS ports, it is advised to change the system connectivity on the system to Reachable on Public Internet. This way it will also be possible for Cisco TMS to set up calls where the endpoint is calling out, and not only being called to.

Re: TMS ports

Hi Dale!

Btw, what is the difference between the communication of "on public internet" vs. "on lan"?

Does public internet skip SNMP traps and use HTTPS preferred, or what happens there?

Martin

Please remember to rate helpful responses and identify

Cisco Employee

Re: TMS ports

The two Reachable On connectivities are pretty much the same, except for the management URL they get when you enforce management settings, they both pick a different address from the ones configured in the Network Settings. In both cases systems can be reached directly and the same protocol will be used for both.

Behind FW is different because TMS cannot reach these systems, they will communicate with TMS using the SOHO heartbeat mechanism as described in the Admin guide.

TMS ports

ok, sure, the FQN under "Advanced Network Settings for Systems on Public Internet/Behind Firewall".

Anyhow, it might be handy if that config were extended to have a:

* on external communication allow only secure communication

which also should disallow unencrypted http, snmp, ftp, ... from and to the endpoint


New Member

TMS ports

It may be that your endpoint is configured for the DNS name of TMS and does not have DNS configured, or a proxy sits between your C20 and TMS that requires authentication.

Can you browse to the feedback URL (you can get it from an xstatus feed command) from a PC that is on the same subnet as the C20?

Re: TMS ports

Hi Carlo!

I would assume you have done something not 100% correct.

You said DMZ, do you have any kind of NAT in between?

How does it look when you try to add a system, some screenshots would be handy.

I would do a tcpdump/wireshark on the endpoint/on the TMS and compare what is sent/received.

A look inside the logfiles has also never harmed :-)

Did you try to access the http and https interface of the endpoint from the TMS?

Btw, for sysadmin reasons I would also open ssh from the TMS to the endpoints.

Please vote the answers!


TMS ports

Hi,

Thanks to all.

I resolved this issue by opening UDP 161. The firewall wasn't configured OK.

The last question: if port 161 UDP was blocked by the firewall, why, when I add the C20 in TMS with "Discover Non-SNMP Systems" checked, is the TMS response: system not found?
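
Added example, not part of any post in this thread: a small check, run from the TMS side of the firewall, for the three ports discussed above (TCP 80, TCP 443, UDP 161). It shows why a blocked UDP 161 is easy to miss: TCP reports open or refused, while a dropped SNMP request is only a timeout. Assumptions: Python 3 is available on the host running the check, the endpoint answers SNMPv1, and the community string is `public`; the endpoint address is supplied on the command line.

```python
import socket
import sys

# BER encoding of OID 1.3.6.1.2.1.1.1.0 (sysDescr.0)
SYS_DESCR_OID = bytes.fromhex("2b06010201010100")

def tlv(tag, value):
    """BER tag-length-value; short-form length suffices for this small packet."""
    if len(value) > 127:
        raise ValueError("value too long for short-form length")
    return bytes([tag, len(value)]) + value

def snmp_get_sysdescr(community="public", request_id=1):
    """Build an SNMPv1 GetRequest for sysDescr.0 (request_id must be 0..127)."""
    varbind = tlv(0x30, tlv(0x06, SYS_DESCR_OID) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, bytes([request_id])) + tlv(0x02, b"\x00")
              + tlv(0x02, b"\x00") + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community.encode()) + pdu)

def check_tcp(host, port, timeout=3.0):
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed (host reachable, nothing listening)"
    except OSError:  # timeouts and routing errors
        return "filtered or unreachable"

def check_snmp(host, port=161, community="public", timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(snmp_get_sysdescr(community), (host, port))
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            # UDP has no handshake: a dropped packet is just silence
            return "no reply (filtered, wrong community, or SNMP off)"
        except OSError:
            return "rejected (ICMP unreachable)"
    return "reply received" if data[:1] == b"\x30" else "unexpected reply"

if __name__ == "__main__" and len(sys.argv) > 1:
    host = sys.argv[1]  # endpoint address, supplied by the operator
    for port in (80, 443):
        print(f"tcp/{port}: {check_tcp(host, port)}")
    print(f"udp/161: {check_snmp(host)}")
```

The SNMPv1 community string travels in cleartext, so run this only across the path the firewall rule is meant to cover.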
