Topic Last Modified: 2010-07-18
For Enterprise networks where Internet Protocol security (IPsec) (see IETF RFC 4301-4309) has been deployed, IPsec must be disabled over the range of ports used for the delivery of audio, video, and panorama video. The recommendation is motivated by the need to avoid any delay in the allocation of media ports due to IPsec negotiation.
The following table explains the recommended IPsec exception settings.
Recommended IPsec Exceptions
| Rule name | Source IP | Destination IP | Protocol | Source port | Destination port | Filter action |
|---|---|---|---|---|---|---|
|
A/V Edge Server Internal Inbound |
Any |
A/V Edge Server Internal |
UDP and TCP |
Any |
Any |
Permit |
|
A/V Edge Server External Inbound |
Any |
A/V Edge Server External |
UDP and TCP |
Any |
Any |
Permit |
|
A/V Edge Server Internal Outbound |
A/V Edge Server Internal |
Any |
UDP & TCP |
Any |
Any |
Permit |
|
A/V Edge Server External Outbound |
A/V Edge Server External |
Any |
UDP and TCP |
Any |
Any |
Permit |
|
Mediation Server Inbound |
Any |
Mediation Server(s) |
UDP and TCP |
Any |
Any |
Permit |
|
Mediation Server Outbound |
Mediation Server(s) |
Any |
UDP and TCP |
Any |
Any |
Permit |
|
Conferencing Attendant Inbound |
Any |
Any |
UDP and TCP |
Any |
Any |
Permit |
|
Conferencing Attendant Outbound |
Any |
Any |
UDP and TCP |
Any |
Any |
Permit |
|
A/V Conferencing Inbound |
Any |
A/V Conferencing Servers |
UDP and TCP |
Any |
Any |
Permit |
|
A/V Conferencing Server Outbound |
A/V Conferencing Servers |
Any |
UDP and TCP |
Any |
Any |
Permit |
|
Exchange Inbound |
Any |
Exchange Unified Messaging |
UDP and TCP |
Any |
Any |
Permit |
|
Application Sharing Servers Inbound |
Any |
Application Sharing Servers |
TCP |
Any |
Any |
Permit |
|
Application Sharing Server Outbound |
Application Sharing Servers |
Any |
TCP |
Any |
Any |
Permit |
|
Exchange Outbound |
Exchange Unified Messaging |
Any |
UDP and TCP |
Any |
Any |
Permit |
|
Clients |
Any |
Any |
UDP |
Specified media port range |
Any |
Permit |