Firewall Traversal Protocols And Ports; Overview; Process; Ports For Initial Connections From Traversal Clients - TANDBERG VCS Administration Manual

Video communication server

Hide thumbs Also See for VCS:

Administrator's manual (276 pages)

Getting started (10 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

page of 187

/ 187
Contents
Table of Contents
Bookmarks

Table of Contents

Firewall Traversal

Overview

Ports play a vital part in firewall traversal configuration. The

correct ports must be set on the VCS Border Controller,

traversal client and firewall in order for connections to be

permitted.

Ports are initially configured on the VCS Border Controller and

then advised to the firewall administrator and the traversal

client administrator, who must then configure their systems to

connect to these specific ports on the server. The only port

configuration that is done on the client is the range of ports it

uses for outgoing connections; the firewall administrator will

need to know this information so that if necessary they can

configure the firewall to allow outgoing connections from those

ports.

Process

•

Each traversal client connects via the firewall to a unique

port on the VCS Border Controller.

•

The server identifies each client by the port on which it

receives the connection, and the Authentication credentials

provided by the client.

•

Once established, the client constantly sends a probe to the

VCS Border Controller via this connection in order to keep

the connection alive.

•

When the VCS Border Controller receives an incoming call

for the client, it uses this initial connection to send an

incoming call request to the client.

•

The client then initiates a connection to the server. The

ports used for the call will differ for signaling and media,

and will depend on the protocol being used (i.e. SIP, Assent

or H.460.18/19).

Getting

System

Introduction

Started

Overview

D 14049.01

07.2007

Firewall Traversal Protocols and Ports

Ports for Initial Connections from Traversal Clients

Each traversal server zone specifies an

SIP port

to be used for the initial connection from the client.

Each time you configure a new traversal server zone on the

VCS, you will be allocated default port numbers for these

connections:

•

H.323 ports will start at 6001 and increment by 1 for every

new traversal server zone

•

SIP ports will start at 7001 and increment by 1 for every new

traversal server zone.

You can change these default ports if necessary but you must

ensure that the ports are unique for each traversal server zone.

Once the H.323 and SIP ports have been set on the VCS

Border Controller, matching ports must be configured on the

corresponding traversal client.

The default port used for the initial connections from

MXP endpoints is the same as that used for standard

RAS messages, i.e. UDP/1719. While it is possible to

change this port on the VCS server, most endpoints will not

support connections to ports other than UDP/1719. We

therefore recommend that this be left as the default.

H.33 Firewall Traversal Protocols

The VCS supports two different firewall traversal protocols for

H.323: Assent and H.460.18/H.460.19.

•

Assent is TANDBERG's proprietary protocol.

•

H.460.18 and H.460.19 are ITU standards which define

protocols for the firewall traversal of signaling and media

respectively. These standards are based on the original

TANDBERG Assent protocol.

In order for a traversal server and traversal client to

communicate, they must be using the same protocol.

The two protocols each use a slightly different range of ports.

System

H.323 & SIP

Registration

Configuration

Control

Assent Ports

H.323 port

and a

For connections to the VCS Border Controller using the Assent

protocol, the default ports are:

Call signaling

•

Media

•

H.460.8/9 Ports

For connections to the VCS Border Controller using the

H.460.18/19 protocols, the default ports are:

Call signaling

•

Media

•

SIP Ports

Call signaling

SIP call signaling uses the same port as used by the initial

connection between the client and server.

Media

Where the traversal client is a VCS or Gatekeeper, SIP media

uses Assent to traverse the firewall . The default ports are the

same as for H.323, i.e.:

•

Zones and

Call

Neighbors

Processing

TANDBERG

VIDEO COMMUNICATION SERVER

ADMINISTRATOR GUIDE

UDP/1719: listening port for RAS messages

TCP/2776: listening port for H.225 and H.245 protocols

UDP/2776: RTP media port

UDP/2777: RTCP media control port

UDP/1719: listening port for RAS messages

TCP/1720: listening port for H.225 protocol

TCP/2777: listening port for H.245 protocol

UDP/2776: RTP media port

UDP/2777: RTCP media control port

UDP/2776: RTP media port

UDP/2777: RTCP media control port

Firewall

Bandwidth

Maintenance

Traversal

Control

Appendices

Table of Contents

Firewall Traversal Protocols And Ports; Overview; Process; Ports For Initial Connections From Traversal Clients - TANDBERG VCS Administration Manual

Overview

Process

Firewall Traversal Protocols and Ports

Ports for Initial Connections from Traversal Clients

H.33 Firewall Traversal Protocols

Assent Ports

SIP Ports

Related Manuals for TANDBERG VCS

Related Content for TANDBERG VCS

Table of Contents

H.33 Firewall Traversal Protocols