RE: VOICE ACL RANGE

From: Justin Menga (Justin.Menga@xxxxxxxxxxxxxxxxxx)
Date: Wed Nov 01 2000 - 17:59:47 GMT-3


   
Voice call process:

1. Call Setup
2. Call Connection (Voice Stream)

Call Setup typically is using H.323. H.323 is a suite of protocols. H.225
is the initial protocol used and talks to server port 1720. However, TCP
ports are dynamically negotiated for H.245 protocol, which is the next phase
of negotiation. Thus, port 1720 is not enough, and you require a firewall
that is capable of understanding H.323 (e.g. Cisco CBAC - ip inspect EXAMPLE
h323). If you are using Cisco IP phones, Skinny Station Protocol is used
for Call Setup. This uses TCP 2000 (can use 2001-2003 for some under
functions e.g. 2003 for conference bridging with Cisco Call Manager), and an
ACL for this port is sufficient.

The voice stream is an RTP traffic stream. This is a UDP traffic type and
uses the port range of 16384 - 32767. There is a formula for calculating
the max. port number that will be used, but I do not know it off the top of
my head.

e.g. access-list 100 permit udp any range 16384 32767 any range 16384 32767

If you are using Cisco IP phones, you can specify IP precedence equal to 5
to tie down the ACL better

e.g. access-list 100 permit udp any range 16384 32767 any range 16384 32767 precedence 5

Regards,

Justin Menga MCSE+I CCNP CCSE ASE
WAN Specialist
Computerland New Zealand
PO Box 3631, Auckland
DDI: (+64) 9 360 4864 Mobile: (+64) 25 349 599
mailto: justin.menga@computerland.co.nz

-----Original Message-----
From: Simon Hopkins [mailto:simon@muddypaws.net]
Sent: Thursday, 2 November 2000 9:36 a.m.
To: ccielab@groupstudy.com
Subject: VOICE ACL RANGE

Does anyone know the exact UDP range for a voice ACL? Also is TCP port
1720 RTP?
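
An added example, not part of the original posts: a small Python evaluator for the subset of extended ACL syntax used in the reply, run over constructed flows. The RTP entry is taken from the reply; the two TCP entries and every flow are assumptions built from the ports it names, and the result shows the static ACL denying the dynamically negotiated H.245 port and unmarked RTP.

```python
import re

# Constructed ACL: the RTP entry is from the reply; the TCP entries are
# assumed translations of the ports it names (1720, 2000-2003).
ACL = """\
access-list 100 permit tcp any any eq 1720
access-list 100 permit tcp any any range 2000 2003
access-list 100 permit udp any range 16384 32767 any range 16384 32767 precedence 5
"""

PORTS = r"(?: (eq \d+|range \d+ \d+))?"
ENTRY = re.compile(r"access-list \d+ (permit|deny) (tcp|udp) any" + PORTS
                   + r" any" + PORTS + r"(?: precedence (\d))?$")

def port_match(spec, port):
    """spec is None (any port), 'eq N' or 'range LO HI'."""
    if spec is None:
        return True
    nums = [int(n) for n in spec.split()[1:]]
    return nums[0] <= port <= nums[-1]

def parse(text):
    entries = []
    for line in text.strip().splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            raise ValueError("unsupported ACL line: " + line)
        entries.append(m.groups())
    return entries

def evaluate(entries, proto, sport, dport, precedence=0):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, e_proto, src, dst, prec in entries:
        if (e_proto == proto and port_match(src, sport) and port_match(dst, dport)
                and (prec is None or int(prec) == precedence)):
            return action
    return "deny"

# Constructed flows: (label, proto, src port, dst port, IP precedence)
FLOWS = [
    ("H.225 call setup", "tcp", 11000, 1720, 0),
    ("H.245 negotiated port", "tcp", 11001, 11005, 0),
    ("Skinny call setup", "tcp", 49152, 2000, 0),
    ("RTP marked precedence 5", "udp", 16384, 20000, 5),
    ("RTP unmarked", "udp", 16384, 20000, 0),
    ("UDP outside voice range", "udp", 16384, 53, 0),
]

if __name__ == "__main__":
    for label, *flow in FLOWS:
        print(f"{label:26} {evaluate(parse(ACL), *flow)}")
```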


