For Enterprise networks where Internet Protocol security (IPsec) (see IETF RFC 4301-4309) has been deployed, IPsec must be disabled over the range of ports used for the delivery of audio, video, and panorama video. The recommendation is motivated by the need to avoid any delay in the allocation of media ports due to IPsec negotiation.

The following table explains the recommended IPsec exception settings. For clients, for details about how to specify a range of ports to limit the extent of the IPsec exceptions that must be put in place in your network, see the minimum and maximum media port range section in the Office Communications Server Technical Reference content.

Table 1. Recommended IPsec Exceptions

Rule name Source IP Destination IP Protocol Source port Destination port Filter action

A/V Edge Server Internal Inbound

Any

A/V Edge Server Internal

UDP and TCP

Any

Any

Permit

A/V Edge Server External Inbound

Any

A/V Edge Server External

UDP and TCP

Any

Any

Permit

A/V Edge Server Internal Outbound

A/V Edge Server Internal

Any

UDP & TCP

Any

Any

Permit

A/V Edge Server External Outbound

A/V Edge Server External

Any

UDP and TCP

Any

Any

Permit

Mediation Server Inbound

Any

Mediation

Server(s)

UDP and TCP

Any

Any

Permit

Mediation Server Outbound

Mediation

Server(s)

Any

UDP and TCP

Any

Any

Permit

Conferencing Attendant Inbound

Any

Any

UDP and TCP

Any

Any

Permit

Conferencing Attendant Outbound

Any

Any

UDP and TCP

Any

Any

Permit

A/V Conferencing Inbound

Any

A/V Conferencing Servers

UDP and TCP

Any

Any

Permit

A/V Conferencing Server Outbound

A/V Conferencing Servers

Any

UDP and TCP

Any

Any

Permit

Exchange Inbound

Any

Exchange Unified Messaging

UDP and TCP

Any

Any

Permit

Exchange Outbound

Exchange Unified Messaging

Any

UDP and TCP

Any

Any

Permit

Clients

Any

Any

UDP

Specified media port range

Any

Permit