Topic Last Modified: 2010-08-29

For enterprise networks where Internet Protocol security (IPsec) (see IETF RFC 4301-4309) has been deployed, IPsec must be disabled over the range of ports used for the delivery of audio, video, and panorama video. The recommendation is motivated by the need to avoid any delay in the allocation of media ports due to IPsec negotiation.

The following table explains the recommended IPsec exception settings.

Recommended IPsec Exceptions

Rule name Source IP Destination IP Protocol Source port Destination port Filter action

A/V Edge Server Internal Inbound

Any

A/V Edge Server Internal

UDP and TCP

Any

Any

Permit

A/V Edge Server External Inbound

Any

A/V Edge Server External

UDP and TCP

Any

Any

Permit

A/V Edge Server Internal Outbound

A/V Edge Server Internal

Any

UDP & TCP

Any

Any

Permit

A/V Edge Server External Outbound

A/V Edge Server External

Any

UDP and TCP

Any

Any

Permit

Mediation Server Inbound

Any

Mediation

Server(s)

UDP and TCP

Any

Any

Permit

Mediation Server Outbound

Mediation

Server(s)

Any

UDP and TCP

Any

Any

Permit

Conferencing Attendant Inbound

Any

Any

UDP and TCP

Any

Any

Permit

Conferencing Attendant Outbound

Any

Any

UDP and TCP

Any

Any

Permit

A/V Conferencing Inbound

Any

A/V Conferencing Servers

UDP and TCP

Any

Any

Permit

A/V Conferencing Server Outbound

A/V Conferencing Servers

Any

UDP and TCP

Any

Any

Permit

Exchange Inbound

Any

Exchange Unified Messaging

UDP and TCP

Any

Any

Permit

Application Sharing Servers Inbound

Any

Application Sharing Servers

TCP

Any

Any

Permit

Application Sharing Server Outbound

Application Sharing Servers

Any

TCP

Any

Any

Permit

Exchange Outbound

Exchange Unified Messaging

Any

UDP and TCP

Any

Any

Permit

Clients

Any

Any

UDP

Specified media port range

Any

Permit