TCP and UDP Port Usage Guide for Cisco Unified Communications

TCP and UDP Port Usage Guide for Cisco Unified CommunicationsManager, Release 10.0(1)First Published: 2013-12-03

Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000 800 553-NETS (6387)Fax: 408 527-0883

Text Part Number: OL-28669-02

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnershiprelationship between Cisco and any other company. (1110R)

© 2017 Cisco Systems, Inc. All rights reserved.

http://www.cisco.com/go/trademarks

http://www.cisco.com/go/trademarks

C O N T E N T S

P r e f a c e Preface v

Purpose v

Organization v

Related Documentation vi

Obtain Documentation and Support vi

Cisco Product Security Overview vi

P A R T I Cisco Unified Communications Manager TCP and UDP Port Usage 1

C H A P T E R 1 Cisco Unified Communications Manager TCP and UDP Port Usage 3

Port Usage 3

Port Descriptions 5

Intracluster Ports Between Cisco Unified Communications Manager Servers 5

Common Service Ports 7

Ports Between Cisco Unified Communications Manager and LDAP Directory 10

Web Requests From CCMAdmin or CCMUser to Cisco Unified Communications

Manager 11

Web Requests From Cisco Unified Communications Manager to Phone 11

Signaling, Media, and Other Communication Between Phones and Cisco Unified

Communications Manager 11

Signaling, Media, and Other Communication Between Gateways and Cisco Unified

Communications Manager 13

Communication Between Applications and Cisco Unified Communications Manager 15

Communication Between CTL Client and Firewalls 17

Special Ports on HP Servers 17

References 18

Firewall Application Inspection Guides 18

TCP and UDP Port Usage Guide for Cisco Unified Communications Manager, Release 10.0(1) OL-28669-02 iii

IETF TCP/UDP Port Assignment List 18

IP Telephony Configuration and Port Utilization Guides 18

VMware Port Assignment List 19

P A R T I I IM and Presence Service TCP and UDP Port Usage 21

C H A P T E R 2 Port Usage Information for the IM and Presence Service 23

Port usage overview 23

Information collated in table 23

IM and Presence Service port list 24

Glossary 37

TCP and UDP Port Usage Guide for Cisco Unified Communications Manager, Release 10.0(1)iv OL-28669-02

Contents

Preface

• Purpose, page v

• Organization, page v

• Related Documentation, page vi

• Obtain Documentation and Support, page vi

• Cisco Product Security Overview, page vi

PurposeThis document lists the TCP and UDP ports that Cisco Unified Communications Manager and the IM andPresence Service use for intracluster connections and communication with external applications or devices.Important information about the configuration of firewalls, Access Control Lists (ACLs), and quality of service(QoS) on a network when an IP Communications solution is implemented is also provided.

OrganizationThe following table shows the organization for this guide:

Table 1: Organization of TCP and Port Usage Guide for Cisco Unified Communications Manager

DescriptionPart

“Cisco Unified Communications Manager TCP and UDP port usage”Provides information about TCP and port usage settings for CiscoUnified CommunicationsManager.

Part 1

“IM and Presence Service TCP and UDP port usage”Provides information about TCP and port usage settings for the IM and Presence Service.

Part 2

TCP and UDP Port Usage Guide for Cisco Unified Communications Manager, Release 10.0(1) OL-28669-02 v

Related DocumentationCisco strongly recommends that you review the following documents for more details about installing andmaintaining Cisco Unified Communications Manager and the IM and Presence Service.

• For the latest Cisco Unified Communications Manager and IM and Presence Service requirements, seethe Release Notes for Cisco Unified Communications Manager.

• Installing Cisco Unified Communications Manager

This document describes procedures to follow when installing Cisco Unified CommunicationsManagerand the IM and Presence Service.

• Upgrade Guide for Cisco Unified Communications Manager

This document describes procedures to followwhen upgrading Cisco Unified CommunicationsManagerand the IM and Presence Service.

• Cisco Unified Communications Operating System Administration Guide

This document provides information about using the Cisco Unified Communications Platform graphicaluser interface (GUI) to perform many common system- and network-related tasks.

• Deployment Guide for IM and Presence Service on Cisco Unified Communications Manager

This document provides an overview of the configuration process for the IM and Presence Service.

• Cisco Unified Serviceability Administration GuideThis document provides descriptions and procedures for configuring alarms, traces, SNMP, and so on,through Cisco Unified Serviceability. It also describes how to activate, start, and stop feature and networkservices.

• Disaster Recovery System Administration Guide for Cisco Unified Communications Manager

This document provides an overview of the Disaster Recovery System and provides procedures forperforming various backup-related tasks and restore-related tasks.

All related documentation can be found at the following URL: http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_support_series_home.html

Obtain Documentation and SupportFor information on obtaining documentation, obtaining support, providing documentation feedback, securityguidelines, and also recommended aliases and general Cisco documents, see the monthly What’s New inCisco Product Documentation, which also lists all new and revised Cisco technical documentation, at

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Cisco Product Security OverviewThis product contains cryptographic features and is subject to United States and local country laws governingimport, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authorityto import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for

TCP and UDP Port Usage Guide for Cisco Unified Communications Manager, Release 10.0(1)vi OL-28669-02

PrefaceRelated Documentation

http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_support_series_home.html

http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_support_series_home.html

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

compliance with U.S. and local country laws. By using this product you agree to comply with applicable lawsand regulations. If you are unable to comply with U.S. and local laws, return this product immediately.

Further information regarding U.S. export regulations may be found at

http://www.access.gpo.gov/bis/ear/ear_data.html

TCP and UDP Port Usage Guide for Cisco Unified Communications Manager, Release 10.0(1) OL-28669-02 vii

PrefaceCisco Product Security Overview

http://www.access.gpo.gov/bis/ear/ear_data.html

TCP and UDP Port Usage Guide for Cisco Unified Communications Manager, Release 10.0(1)viii OL-28669-02

PrefaceCisco Product Security Overview

P A R T ICisco Unified Communications Manager TCP andUDP Port Usage• Cisco Unified Communications Manager TCP and UDP Port Usage, page 3

C H A P T E R 1Cisco Unified Communications Manager TCP andUDP Port Usage

This chapter provides a list of the TCP and UDP ports that Cisco Unified Communications Manager usesfor intracluster connections and for communication with external applications or devices. You will also findimportant information for the configuration of firewalls, Access Control Lists (ACLs), and quality of service(QoS) on a network when an IP Communications solution is implemented.

• Port Usage, page 3

• Port Descriptions, page 5

• References, page 18

Port UsageCisco Unified Communications Manager TCP and UDP ports are organized into the following categories:

• Intracluster Ports Between Cisco Unified Communications Manager Servers

• Common Service Ports

• Ports Between Cisco Unified Communications Manager and LDAP Directory

• Web Requests From CCMAdmin or CCMUser to Cisco Unified Communications Manager

• Web Requests From Cisco Unified Communications Manager to Phone

• Signaling, Media, and Other Communication Between Phones and Cisco Unified CommunicationsManager

• Signaling, Media, and Other Communication Between Gateways and Cisco Unified CommunicationsManager

• Communication Between Applications and Cisco Unified Communications Manager

• Communication Between CTL Client and Firewalls

• Special Ports on HP Servers

See “Port Descriptions” for port details in each of the above categories.

TCP and UDP Port Usage Guide for Cisco Unified Communications Manager, Release 10.0(1) OL-28669-02 3

Cisco has not verified all possible configuration scenarios for these ports. If you are having configurationproblems using this list, contact Cisco technical support for assistance.

Note

Port references apply specifically to Cisco Unified Communications Manager. Some ports change from onerelease to another, and future releases may introduce new ports. Therefore, make sure that you are using thecorrect version of this document for the version of Cisco Unified Communications Manager that is installed.

While virtually all protocols are bidirectional, directionality from the session originator perspective is presumed.In some cases, the administrator can manually change the default port numbers, though Cisco does notrecommend this as a best practice. Be aware that Cisco Unified CommunicationsManager opens several portsstrictly for internal use.

Installing Cisco Unified Communications Manager software automatically installs the following networkservices for serviceability and activates them by default. Refer to “Intracluster Ports Between Cisco UnifiedCommunications Manager Servers” for details:

• Cisco Log Partition Monitoring (To monitor and purge the common partition. This uses no customcommon port.)

• Cisco Trace Collection Service (TCTS port usage)

• Cisco RIS Data Collector (RIS server port usage)

• Cisco AMC Service (AMC port usage)

Configuration of firewalls, ACLs, or QoS will vary depending on topology, placement of telephony devicesand services relative to the placement of network security devices, and which applications and telephonyextensions are in use. Also, bear in mind that ACLs vary in format with different devices and versions.

You can also configureMulticastMusic on Hold (MOH) ports in Cisco Unified CommunicationsManager.Port values for multicast MOH are not provided because the administrator specifies the actual port values.

Note

The ephemeral port range for the system is 32768 to 61000. For more information, see http://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/tsd-products-support-series-home.html.

Note

TCP and UDP Port Usage Guide for Cisco Unified Communications Manager, Release 10.0(1)4 OL-28669-02

Port Usage

http://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/tsd-products-support-series-home.html



Port Descriptions

Intracluster Ports Between Cisco Unified Communications Manager Servers

Table 2: Intracluster Ports Between Cisco Unified Communications Manager Servers

PurposeDestination PortTo (Listener)From (Sender)

Cisco AMC Service forRTMT performancemonitors, data collection,logging, and alerting

1090, 1099 / TCPRTMTUnified CommunicationsManager

Database connection(1501 / TCP is thesecondary connection)

1500, 1501 / TCPUnified CommunicationsManager (DB)

Unified CommunicationsManager (DB)

CAR IDS DB. CAR IDSengine listens on waitingfor connection requestsfrom the clients.

1510 / TCPUnified CommunicationsManager (DB)


CAR IDS DB. Analternate port used tobring up a secondinstance of CAR IDSduring upgrade.



Database replicationbetween nodes duringinstallation



Allows subscribers toreceive Cisco UnifiedCommunicationsManager database changenotification


Cisco Extended Functions(QRT)

Intraclustercommunication betweenCisco Extended Servicesfor Active/Backupdetermination

2551 / TCPUnified CommunicationsManager

Unified CommunicationsManager

Real-time InformationServices (RIS) databaseserver

2555 / TCPUnified CommunicationsManager (RIS)

Unified CommunicationsManager (RIS)


Port Descriptions


Real-time InformationServices (RIS) databaseclient for Cisco RIS

2556 / TCPUnified CommunicationsManager (RIS)

Unified CommunicationsManager(RTMT/AMC/SOAP)

DRS Master Agent4040 / TCPUnified CommunicationsManager (DRS)

Unified CommunicationsManager (DRS)

This port is used bySOAP monitor for RealTimeMonitoring Service.

5001/TCPUnified CommunicationsManager (SOAP)

Unified CommunicationsManager (Tomcat)

This port is used bySOAP monitor forPerformance MonitorService.



This port is used bySOAP monitor forControl Center Service.



This port is used bySOAP monitor for LogCollection Service.



SOAP monitor5007 / TCPUnified CommunicationsManager (SOAP)


Cisco Trace CollectionTool Service (TCTS) --the back end service forRTMT Trace and LogCentral (TLC)

Ephemeral / TCPUnified CommunicationsManager (TCTS)

Unified CommunicationsManager (RTMT)

This port is used forcommunication betweenCisco Trace CollectionTool Service and CiscoTrace Collection servlet.

7000, 7001, 7002 / TCPUnified CommunicationsManager (TCTS)


Client database changenotification

8001 / TCPUnified CommunicationsManager (CDLM)


Intraclustercommunication service

8002 / TCPUnified CommunicationsManager (SDL)

Unified CommunicationsManager (SDL)

Intraclustercommunication service(to CTI)

8003 / TCPUnified CommunicationsManager (SDL)

Unified CommunicationsManager (SDL)


Port Descriptions


Intraclustercommunication betweenCisco UnifiedCommunicationsManager and CMIManager

8004 / TCPCMI ManagerUnified CommunicationsManager

Internal listening portused by Tomcat shutdownscripts

8005 / TCPUnified CommunicationsManager (Tomcat)


Communication betweenservers used fordiagnostic tests

8080 / TCPUnified CommunicationsManager (Tomcat)


HTTP Port forcommunication betweenCuCM and GW (Cayugainterfae) for GatewayRecording feature.

8090Unified CommunicationsManager

Gateway

GatewayUnified CommunicationsManager

Intracluster replication ofsystem data by IPSecCluster Manager

8500 / TCP and UDPUnified CommunicationsManager (IPSec)

Unified CommunicationsManager (IPSec)

RIS Service Managerstatus request and reply

8888 - 8889 / TCPUnified CommunicationsManager (RIS)

Unified CommunicationsManager (RIS)

Intraclustercommunication betweenLBMs

9004 / TCPLocation BandwidthManager (LBM)

Location BandwidthManager (LBM)

Common Service Ports

Table 3: Common Service Ports


Internet Control MessageProtocol (ICMP) Thisprotocol number carriesecho-related traffic. Itdoes not constitute a portas indicated in the columnheading.


Endpoint

EndpointUnified CommunicationsManager


Port Descriptions


Send the backup data toSFTP server. (DRS LocalAgent)

Send the CDR data toSFTP server.

22 / TCPSFTP serverUnified CommunicationsManager (DRS, CDR)

Cisco UnifiedCommunicationsManager acting as aDHCP server

Cisco does notrecommendrunning DHCPserver on CiscoUnifiedCommunicationsManager.

Note

67 / UDPUnified CommunicationsManager (DHCP Server)

Endpoint

Cisco UnifiedCommunicationsManager acting as aDHCP client

Cisco does notrecommendrunning DHCPclient on CiscoUnifiedCommunicationsManager.Configure CiscoUnifiedCommunicationsManager withstatic IPaddressesinstead.)

Note

68 / UDPDHCP ServerUnified CommunicationsManager

Trivial File TransferProtocol (TFTP) serviceto phones and gateways

69, 6969, then Ephemeral/ UDP


Endpoint or Gateway

Trivial File TransferProtocol (TFTP) betweenmaster and proxy servers.

HTTP service from theTFTP server to phonesand gateways.


Endpoint or Gateway


Port Descriptions


Network Time Protocol(NTP)

123 / UDPNTP ServerUnified CommunicationsManager

SNMP service response(requests frommanagement applications)

161 / UDPUnified CommunicationsManager

SNMP Server

SNMP traps162 / UDPSNMP trap destinationCUCM Server SNMPMaster Agent application

Native SNMP agentlistening port for SMUXsupport


SNMP Server

DHCPv6. DHCP port forIPv6.

546 / UDPDHCP ServerUnified CommunicationsManager

Enhanced Location CACServiceability


Unified CommunicationsManager Serviceability

Call Admission requestsand bandwidth deductions



Used for communicationbetween Master Agentand Native Agent toprocess Native agentMIBrequests



Used for communicationbetween Master Agentand Native Agent toforward notificationsgenerated from NativeAgent



Centralized TFTP FileLocator Service

6970 / TCPAlternate TFTPCentralized TFTP

Used for communicationbetween SNMP MasterAgent and subagents



Cisco Discovery Protocol(CDP) agentcommunicates with CDPexecutable


SNMP Server


Port Descriptions


Used for Cisco User DataServices (UDS) requests


Endpoint

Service CRS requeststhrough the TAPSresiding on Cisco UnifiedCommunicationsManager



Cisco UnifiedCommunicationsManager applicationssend out alarms to thisport through UDP. CiscoUnified CommunicationsManager MIB agentlistens on this port andgenerates SNMP traps perCisco UnifiedCommunicationsManager MIB definition.



Provide trunk-based SIPservices

5060, 5061 / TCPUnified CommunicationsManager


Used by InterclusterLookup Service (ILS) forcertificate basedauthentication.



Used by ILS for passwordbased authentication.



Ports Between Cisco Unified Communications Manager and LDAP Directory

Table 4: Ports Between Cisco Unified Communications Manager and LDAP Directory


Lightweight DirectoryAccess Protocol (LDAP)query to externaldirectory (ActiveDirectory, NetscapeDirectory)

389, 636, 3268, 3269 /TCP

External DirectoryUnified CommunicationsManager

EphemeralUnified CommunicationsManager

External Directory


Port Descriptions

Web Requests From CCMAdmin or CCMUser to Cisco Unified Communications Manager

Table 5: Web Requests From CCMAdmin or CCMUser to Cisco Unified Communications Manager


Hypertext TransportProtocol (HTTP)


Browser

Hypertext TransportProtocol over SSL(HTTPS)


Browser

Web Requests From Cisco Unified Communications Manager to Phone

Table 6: Web Requests From Cisco Unified Communications Manager to Phone


Hypertext TransportProtocol (HTTP)

80 / TCPPhoneUnified CommunicationsManager

• QRT

• RTMT

• Find and ListPhones page

• PhoneConfiguration page

Signaling, Media, and Other Communication Between Phones and Cisco UnifiedCommunications Manager

Table 7: Signaling, Media, and Other Communication Between Phones and Cisco Unified Communications Manager


Trivial File TransferProtocol (TFTP) used todownload firmware andconfiguration files

69, then Ephemeral / UDPUnified CommunicationsManager (TFTP)

Phone

Skinny Client ControlProtocol (SCCP)


Phone


Port Descriptions


Secure Skinny ClientControl Protocol(SCCPS)


Phone

Provide trust verificationservice to endpoints.


Phone

Certificate AuthorityProxy Function (CAPF)listening port for issuingLocally SignificantCertificates (LSCs) to IPphones

3804 / TCPUnified CommunicationsManager (CAPF)

Phone

Session InitiationProtocol (SIP) phone

5060 / TCP and UDPUnified CommunicationsManager

Phone

PhoneUnified CommunicationsManager

Secure Session InitiationProtocol (SIPS) phone

5061 TCPUnified CommunicationsManager

Phone

PhoneUnified CommunicationsManager

HTTP-based download offirmware andconfiguration files

6970 TCPUnified CommunicationsManager (TFTP)

Phone

Phone URLs for XMLapplications,authentication,directories, services, etc.You can configure theseports on a per-servicebasis.


Phone

Real-Time Protocol(RTP), Secure Real-TimeProtocol (SRTP)

Cisco UnifiedCommunicationsManager onlyuses24576-32767although otherdevices use thefull range.

Note

16384 - 32767 / UDPPhoneIP VMS

IP VMSPhone


Port Descriptions

Signaling, Media, and Other Communication Between Gateways and Cisco UnifiedCommunications Manager

Table 8: Signaling, Media, and Other Communication Between Gateways and Cisco Unified Communications Manager


Generic RoutingEncapsulation (GRE),Encapsulating SecurityPayload (ESP),Authentication Header(AH). These protocolsnumbers carry encryptedIPSec traffic. They do notconstitute a port asindicated in the columnheading.

47, 50, 51Unified CommunicationsManager

Gateway


Internet Key Exchange(IKE) for IP Securityprotocol (IPSec)establishment


Gateway


Trivial File TransferProtocol (TFTP)

69, then Ephemeral / UDPUnified CommunicationsManager (TFTP)

Gateway

Port mapping service.Only used in the CIMEoff-path deploymentmodel.

1024-65535 / TCPCIME ASAUnified CommunicationsManager with CiscoIntercompany MediaEngine (CIME) trunk

Gatekeeper (H.225) RAS1719 / UDPUnified CommunicationsManager

Gatekeeper

H.225 signaling servicesfor H.323 gateways andIntercluster Trunk (ICT)


Gateway


H.225 signaling serviceson gatekeeper-controlledtrunk

Ephemeral / TCPUnified CommunicationsManager

Gateway



Port Descriptions


H.245 signaling servicesfor establishing voice,video, and data

The H.245 portused by theremote systemdepends on thetype of gateway.

For IOSgateways, theH.245 port rangeis from 11000 to65535.

Note

Ephemeral / TCPUnified CommunicationsManager

Gateway


Skinny Client ControlProtocol (SCCP)


Gateway

Upgrade port for 6608gateways with CiscoUnified CommunicationsManager deployments


Gateway

Upgrade port for 6624gateways with CiscoUnified CommunicationsManager deployments


Gateway

Media Gateway ControlProtocol (MGCP)gateway control


Gateway

Media Gateway ControlProtocol (MGCP)backhaul


Gateway

These ports are used asphantom Real-TimeTransport Protocol (RTP)and Real-Time TransportControl Protocol (RTCP)ports for audio, video anddata channel when CiscoUnified CommunicationsManager does not haveports for these media.

4000 - 4005 / TCP----


Port Descriptions


Session InitiationProtocol (SIP) gatewayand Intercluster Trunk(ICT)

5060 / TCP and UDPUnified CommunicationsManager

Gateway


Secure Session InitiationProtocol (SIPS) gatewayand Intercluster Trunk(ICT)


Gateway


Real-Time Protocol(RTP), Secure Real-TimeProtocol (SRTP)

Cisco UnifiedCommunicationsManager onlyuses24576-32767although otherdevices use thefull range.

Note

16384 - 32767 / UDPUnified CommunicationsManager

Gateway


Communication Between Applications and Cisco Unified Communications Manager

Table 9: Communication Between Applications and Cisco Unified Communications Manager


Certificate Trust List(CTL) provider listeningservice in Cisco UnifiedCommunicationsManager

2444 / TCPUnified CommunicationsManager CTL Provider

CTL Client

CTI application server2748 / TCPUnified CommunicationsManager

Cisco UnifiedCommunications App

TLS connection betweenCTI applications(JTAPI/TSP) andCTIManager



JTAPI application server2789 / TCPUnified CommunicationsManager



Port Descriptions


Cisco UnifiedCommunicationsManager Assistant server(formerly IPMA)


Unified CommunicationsManager AssistantConsole

Cisco UnifiedCommunicationsManager AttendantConsole (AC) JAVARMIRegistry server

1103 -1129 / TCPUnified CommunicationsManager

Unified CommunicationsManager AttendantConsole

RMI server sends RMIcallback messages toclients on these ports.



Attendant Console (AC)RMI server bind port --RMI server sends RMImessages on these ports.



Cisco UnifiedCommunicationsManager AttendantConsole (AC) server linestate port receives pingand registration messagefrom, and sends line statesto, the attendant consoleserver.



Cisco UnifiedCommunicationsManager AttendantConsole (AC) clientsregister with the ACserver for line and devicestate information.



Cisco UnifiedCommunicationsManager AttendantConsole (AC) clientsregister to the AC serverfor call control.


Unified CommunicationsManagerAttendantConsole

Multi-Service IOSRouterrunning EIGRP/SAFProtocol.

5050 / TCPIOS Router running SAFimage

Unified CommunicationsManager with SAF/CCD


Port Descriptions


VAP protocol used tocommunicate to the CiscoIntercompany MediaEngine server.

5620 / TCP

Cisco recommends avalue of 5620 for thisport, but you can changethe value by executing theadd ime vapserver or setime vapserver port CLIcommand on the CiscoIME server.

Cisco IntercompanyMedia Engine (IME)Server


AXL / SOAP API forprogrammatic reads fromor writes to the CiscoUnified CommunicationsManager database thatthird parties such asbilling or telephonymanagement applicationsuse.



Communication Between CTL Client and Firewalls

Table 10: Communication Between CTL Client and Firewalls


Certificate Trust List(CTL) provider listeningservice in an ASAfirewall

2444 / TCPTLS Proxy ServerCTL Client

Special Ports on HP Servers

Table 11: Special Ports on HP Servers


HTTP port to HP agent2301 / TCPHP SIMEndpoint

HTTPS port to HP agent2381 / TCPHP SIMEndpoint

COMPAQ ManagementAgent extension (cmaX)

25375, 25376, 25393 /UDP

Compaq ManagementAgent

Endpoint


Port Descriptions


HTTPS port to HP SIM50000 - 50004 / TCPHP SIMEndpoint

References

Firewall Application Inspection GuidesASA Series reference information


PIX Application Inspection Configuration Guides

http://www.cisco.com/c/en/us/support/security/pix-firewall-software/products-installation-and-configuration-guides-list.html

FWSM 3.1 Application Inspection Configuration Guide

http://www-author.cisco.com/c/en/us/td/docs/security/fwsm/fwsm31/configuration/guide/fwsm_cfg/inspct_f.html

IETF TCP/UDP Port Assignment ListInternet Assigned Numbers Authority (IANA) IETF assigned Port List

http://www.iana.org/assignments/port-numbers

IP Telephony Configuration and Port Utilization GuidesCisco CRS 4.0 (IP IVR and IPCC Express) Port Utilization Guide

http://www.cisco.com/en/US/products/sw/custcosw/ps1846/products_installation_and_configuration_guides_list.html

Port Utilization Guide for Cisco ICM/IPCC Enterprise and Hosted Editions


Cisco Unified Communications Manager Express Security Guide to Best Practices

http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidance09186a00801f8e30.html

Cisco Unity Express Security Guide to Best Practices

http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidance09186a00801f8e31.html#wp41149


References







http://www.iana.org/assignments/port-numbers









VMware Port Assignment ListTCP and UDP Ports for vCenter Server, ESX hosts, and Other Network Components Management Access


References

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1012382


References

P A R T IIIM and Presence Service TCP and UDP PortUsage• Port Usage Information for the IM and Presence Service, page 23

C H A P T E R 2Port Usage Information for the IM and PresenceService

• Port usage overview, page 23

• Information collated in table, page 23

• IM and Presence Service port list, page 24

Port usage overviewThis document provides a list of the TCP and UDP ports that the IM and Presence Service uses for intraclusterconnections and for communications with external applications or devices. It provides important informationfor the configuration of firewalls, Access Control Lists (ACLs), and quality of service (QoS) on a networkwhen an IP Communications solution is implemented.

Cisco has not verified all possible configuration scenarios for these ports. If you are having configurationproblems using this list, contact Cisco technical support for assistance.

Note

While virtually all protocols are bidirectional, this document gives directionality from the session originatorperspective. In some cases, the administrator can manually change the default port numbers, though Ciscodoes not recommend this as a best practice. Be aware that the IM and Presence Service opens several portsstrictly for internal use.

Ports in this document apply specifically to the IM and Presence Service. Some ports change from one releaseto another, and future releases may introduce new ports. Therefore, make sure that you are using the correctversion of this document for the version of IM and Presence Service that is installed.

Configuration of firewalls, ACLs, or QoS will vary depending on topology, placement of devices and servicesrelative to the placement of network security devices, and which applications and telephony extensions arein use. Also, bear in mind that ACLs vary in format with different devices and versions.

Information collated in tableTable 1 defines the information collated in each of the tables in this document.


Table 12: Definition of Table Information

DescriptionTable Heading

The client sending requests to this portFrom

The client receiving requests on this portTo

A client or server application or processRole

Either a Session-layer protocol used for establishingand ending communications, or an Application-layerprotocol used for request and response transactions

Protocol

A Transport-layer protocol that is connection-oriented(TCP) or connectionless (UDP)

Transport Protocol

The port used for receiving requestsDestination / Listener

The port used for sending requestsSource / Sender

IM and Presence Service port listThe following tables show the ports that the IM and Presence Service uses for intracluster and interclustertraffic.

Table 13: IM and Presence Service Ports - SIP Proxy Requests

RemarksSource /Sender

Destination/ Listener

TransportProtocol

ProtocolTo (Listener)From(Sender)

Default SIP Proxy UDPand TCP Listener

Ephemeral5060TCP/UDPSIPIM andPresence

--------------

SIP Gateway

SIP Gateway

--------------

IM andPresence

TLS ServerAuthentication listenerport

Ephemeral5061TLSSIPIM andPresence

SIP Gateway

TLS MutualAuthentication listenerport

Ephemeral5062TLSSIPIM andPresence

IM andPresence

Internal port. Localhosttraffic only.

Ephemeral5049UDP /TCP

SIPIM andPresence

IM andPresence


IM and Presence Service port list



TransportProtocol


Used for HTTP requestsfrom the Config Agent toindicate a change inconfiguration.

Ephemeral8081TCPHTTPIM andPresence

IM andPresence

Default IM and PresenceHTTP Listener. Used forThird-Party Clients toconnect

Ephemeral8082TCPHTTPIM andPresence

Third-partyClient

Default IM and PresenceHTTPS Listener. Usedfor Third-Party Clients toconnect

Ephemeral8083TLS / TCPHTTPSIM andPresence

Third-partyClient

Table 14: IM and Presence Service Ports - Presence Engine Requests



TransportProtocol


Default SIP UDP/TCPListener port

Ephemeral5080UDP /TCP

SIPIM andPresence(PresenceEngine)

IM andPresence

Internal port. Localhosttraffic only. LiveBusmessaging port. The IMand Presence Serviceuses this port for clustercommunication.

Ephemeral50000UDPLivebusIM andPresence(PresenceEngine)

IM andPresence(PresenceEngine)

Table 15: IM and Presence Service Ports - Cisco Tomcat WebRequests



TransportProtocol


Used for web accessEphemeral8080TCPHTTPSIM andPresence

Browser

Provides database andserviceability access viaSOAP

Ephemeral8443TLS / TCPAXL /HTTPS

IM andPresence

Browser





TransportProtocol


Provides access to Webadministration


Browser

Provides access to Useroption pages


Browser

Provides access to CiscoUnified PersonalCommunicator, CiscoUnified MobilityAdvantage, andthird-party API clientsvia SOAP

Ephemeral8443TLS / TCPSOAPIM andPresence

Browser

Table 16: IM and Presence Service Ports - External Corporate Directory Requests



TransportProtocolProtocolTo (Listener)From

(Sender)

Allows the Directoryprotocol to integrate withthe external CorporateDirectory. The LDAPport depends on theCorporate Directory (389is the default). In case ofNetscape Directory,customer can configuredifferent port to acceptLDAP traffic.

Allows LDAP tocommunicate betweenIM&P and the LDAPserver for authentication.

Ephemeral389

/ 3268

TCPLDAPExternalCorporateDirectory

--------------

IM andPresence

IM andPresence

--------------

ExternalCorporateDirectory

Allows the Directoryprotocol to integrate withthe external CorporateDirectory. LDAP portdepends on the CorporateDirectory (636 is thedefault).

Ephemeral636TCPLDAPSExternalCorporateDirectory

IM andPresence



Table 17: IM and Presence Service Ports - Configuration Requests



TransportProtocol


Config Agent heartbeatport

Ephemeral8600TCPTCPIM andPresence(ConfigAgent)

IM andPresence(ConfigAgent)

Table 18: IM and Presence Service Ports - Certificate Manager Requests



TransportProtocol


Internal port - Localhosttraffic only

Ephemeral7070TCPTCPCertificateManager

IM andPresence

Table 19: IM and Presence Service Ports - IDS Database Requests



TransportProtocol


Internal IDS port forDatabase clients.Localhost traffic only.

Ephemeral1500TCPTCPIM andPresence(Database)

IM andPresence(Database)

Internal port - this is analternate port to bring upa second instance of IDSduring upgrade.Localhost traffic only.

Ephemeral1501TCPTCPIM andPresence(Database)


Internal port. Localhosttraffic only. DBreplication port

Ephemeral1515TCPXMLIM andPresence(Database)




Table 20: IM and Presence Service Ports - IPSec Manager Requests



TransportProtocol


Internal port - clustermanager port used by theipsec_mgr daemon forcluster replication ofplatform data (hosts)certs

85008500UDP/TCPProprietaryIM andPresence(IPSec)

IM andPresence(IPSec)

Table 21: IM and Presence Service Ports - DRF Master Agent Server Requests



TransportProtocol


DRF Master Agentserver port, whichaccepts connections fromLocal Agent, GUI, andCLI

Ephemeral4040TCPTCPIM andPresence(DRF)

IM andPresence(DRF)

Table 22: IM and Presence Service Ports - RISDC Requests



TransportProtocol


Real-time InformationServices (RIS) databaseserver. Connects to otherRISDC services in thecluster to provideclusterwide real-timeinformation

Ephemeral2555TCPTCPIM andPresence(RIS)

IM andPresence(RIS)

Real-time InformationServices (RIS) databaseclient for Cisco RIS.Allows RIS clientconnection to retrievereal-time information

Ephemeral2556TCPTCPIM andPresence(RIS)

IM andPresence(RTMT/AMC/

SOAP)





TransportProtocol


Internal port. Localhosttraffic only. Used byRISDC (System Access)to link to servM via TCPfor service status requestand reply

88888889TCPTCPIM andPresence(RIS)

IM andPresence(RIS)

Table 23: IM and Presence Service Ports - SNMP Requests



TransportProtocol


Provides services forSNMP-basedmanagement applications

Ephemeral161, 8161UDPSNMPIM andPresence

SNMPServer

Native SNMP agent thatlistens for requestsforwarded by SNMPmaster agents

Ephemeral6162UDPSNMPIM andPresence

IM andPresence

SNMPMaster agent thatlistens for traps from thenative SNMP agent, andforwards to managementapplications

Ephemeral6161UDPSNMPIM andPresence

IM andPresence

Used as a socket for thecdp agent tocommunicate with thecdp binary

Ephemeral7999TCPTCPIM andPresence

SNMPServer

Used for communicationbetween the SNMPmaster agent andsubagents


IM andPresence

Sends SNMP traps tomanagement applications

Ephemeral162UDPSNMPSNMP TrapMonitor

IM andPresence

Internal SNMP trapreceiver

61441ConfigurableUDPSNMPIM andPresence

IM andPresence



Table 24: IM and Presence Service Ports - Racoon Server Requests



TransportProtocol


Enables Internet SecurityAssociation and theKey ManagementProtocol

Ephemeral500UDPIpsecIM andPresence

--------------

Gateway

Gateway

--------------

IM andPresence

Table 25: IM and Presence Service Ports - System Service Requests



TransportProtocol


Internal port. Localhosttraffic only. Used tolisten to clientscommunicating with theRIS Service Manager(servM).

Ephemeral8888 and8889

TCPXMLIM andPresence(RIS)

IM andPresence(RIS)

Table 26: IM and Presence Service Ports - DNS Requests



TransportProtocol


The port that DNS serverlisten on for IM andPresence DNS queries.

To: DNS Server | From:IM and Presence

Ephemeral53UDPDNSDNS ServerIM andPresence

Table 27: IM and Presence Service Ports - SSH/SFTP Requests



TransportProtocol


Used by manyapplications to getcommand line access tothe server. Also usedbetween nodes forcertificate and other fileexchanges (sftp)

Ephemeral22TCPSSH /SFTP

EndpointIM andPresence



Table 28: IM and Presence Service Ports - ICMP Requests



TransportProtocol


Internet ControlMessageProtocol (ICMP). Usedto communicate with theCisco UnifiedCommunicationsManager server

EphemeralNotApplicable

IPICMPCiscoUnifiedCommunicationsManager

--------------

IM andPresence

IM andPresence

--------------

CiscoUnifiedCommunicationsManager

Table 29: IM and Presence Service Ports - NTP Requests



TransportProtocol


Cisco UnifiedCommunicationsManager is the actingNTP server. Used bysubscriber nodes tosynchronize time withthe publisher node.

Ephemeral123UDPNTPNTP ServerIM andPresence



Table 30: IM and Presence Service Ports - Microsoft Exchange Notify Requests



TransportProtocol


Microsoft Exchange usesthis port to sendnotifications (usingNOTIFY message) toindicate a change to aparticular subscriptionidentifier for calendarevents. Used to integratewith any Exchangeserver in the networkconfiguration. Both portsare created. The kind ofmessages that are sentdepend on the type ofCalendar PresenceBackend gateway(s) thatare configured.

EphemeralIM andPresenceserver port(default50020)

)WebDAV- HTTP/UDP/IPnotifications

2) EWS -HTTP/TCP/IP SOAPnotifications

HTTP(HTTPu)

IM andPresence

MicrosoftExchange

Table 31: IM and Presence Service Ports - SOAP Services Requests



TransportProtocol


SOAP monitor portEphemeral5007TCPTCPIM andPresence(SOAP)

IM andPresence(Tomcat)

Table 32: IM and Presence Service Ports - AMC RMI Requests



TransportProtocol


AMC RMI Object port.Cisco AMC Service forRTMT performancemonitors, data collection,logging, and alerting.

Ephemeral1090TCPTCPRTMTIM andPresence

AMCRMIRegistry port.Cisco AMC Service forRTMT performancemonitors, data collection,logging, and alerting.

Ephemeral1099TCPTCPRTMTIM andPresence



Table 33: IM and Presence Service Ports - XCP Requests



TransportProtocol


Client access portEphemeral5222TCPTCPIM andPresence

XMPPClient

Server to Serverconnection (S2S) port


IM andPresence

HTTP listening port usedby the XCP WebConnection Manager forBOSH third-party APIconnections


Third-partyBOSH client

XCP Router MasterAccept Port. XCPservices that connect tothe router from an OpenPort Configuration (forexample XCPAuthenticationComponent Service)typically connect on thisport.

Ephemeral7400TCPTCPIM andPresence(XCP Router

IM andPresence(XCPServices)

MDNSport. XCP routersin a cluster use this portto discover each other.

Ephemeral5353UDPUDPIM andPresence(XCP Router

IM andPresence(XCP Router

Table 34: IM and Presence Service Ports - External Database (PostgreSQL) Requests



TransportProtocol


PostgreSQL databaselistening port

Ephemeral54321TCPTCPPostgreSQLdatabase

IM andPresence

1 This is the default port, however you can configure the PostgreSQL database to listen on any port.



Table 35: IM and Presence Service Ports - High Availability Requests



TransportProtocol


The port that CiscoServer RecoveryManager uses to provideadmin rpc requests.

Ephemeral20075TCPTCPIM andPresence(ServerRecoveryManager)

IM andPresence(ServerRecoveryManager)

The port that CiscoServer RecoveryManager uses tocommunicate with itspeer.

Ephemeral22001UDPUDPIM andPresence(ServerRecoveryManager)

IM andPresence(ServerRecoveryManager)

Table 36: IM and Presence Service Ports - In Memory Database Replication Messages



TransportProtocol


Cisco PresenceDatastoredual node presenceredundancy groupreplication.

Ephemeral9003TCPProprietaryIM andPresence

IM andPresence

Cisco Login Datastoredual node presenceredundancy groupreplication.


IM andPresence

Cisco SIP RegistrationDatastore dual nodepresence redundancygroup replication.


IM andPresence

Table 37: IM and Presence Service Ports - In Memory Database SQL Messages



TransportProtocol


Cisco PresenceDatastoreSQL Queries.


IM andPresence

Cisco Login DatastoreSQL Queries.


IM andPresence





TransportProtocol


Cisco SIP RegistrationDatastore SQL Queries.


IM andPresence

Cisco Route DatastoreSQL Queries.


IM andPresence

Table 38: IM and Presence Service Ports - In Memory Database Notification Messages



TransportProtocol


Cisco PresenceDatastoreXML-based changenotification.


IM andPresence

Cisco Login DatastoreXML-based changenotification.


IM andPresence

Cisco SIP RegistrationDatastore XML-basedchange notification.


IM andPresence

Cisco Route DatastoreXML-based changenotification.


IM andPresence

See the Cisco Unified Serviceability Administration Guide for information about SNMP.





Glossary

AXL / SOAP

Cisco Unified Communications XML Layer / Simple Object Access Protocol – API that applications use toread from or write to the Cisco Unified Communications Manager database.

CAPF

Certificate Authority Proxy Function – Used to load X.509 digital certificates into IP phones.

CDLM

Cisco Database Layer Monitor – Used to synchronize the database with what is running in active memory.CTI

Computer Telephony Integration—Provides a link between telephone systems and computers to facilitateincoming and outgoing call handling and control; the physical link between a telephone and server.

CTL Client

Certificate Trust List Client—Application that creates the Certificate Trust List that gets loaded into IP phones.This plug-in comes with Cisco Unified Communications Manager and can be run on any computer that hasIP connectivity to all Cisco Unified Communications Managers in the cluster and has a USB port.

DRF

Disaster Recovery Framework

Ephemeral Ports

In virtually all cases, source ports are ephemeral, meaning randomwithin a specified range.When an outgoingrequest is made, the application solicits the host device for a port from its ephemeral pool. In a few cases, thedestination port is also ephemeral, meaning that both the source and destination ports are random.

JTAPI

Java Telephony Application Program Interface—Sun Microsystems telephony programming interface forJava. It provides a set of classes and interfaces that provide access to call control and telephony device controlas well as media and administrative services.

LDAP

Lightweight Directory Access Protocol—Used to validate user credentials against the designated directoryservice.

LDAPS


Lightweight Directory Access Protocol over TLS/SSL—Used to validate user credentials against the designateddirectory service.

IP VMS

Cisco IP VoiceMedia Streaming Application—Used for music on hold, annunciator, conference bridge, mediatermination point (MTP), and so on.

RIS

Real-Time Information Services database—Used by the Real-Time Monitoring Tool (RTMT) in theServiceability application.

RTMT

Real-Time Monitoring Tool

SDL

Signal Distribution Layer Link—Used for intracluster communications.

SOAP

Simple Object Access Protocol

TCTS

Trace Collection Tool Service—The backend service for RTMT Trace and Log Central (TLC)

TFTP

Trivial File Transfer Protocol—Used to load firmware and configurations into phones, gateways, and so on.

Tomcat

Web server


Glossary

Documents

TCP and UDP Port Usage Guide for Cisco Unified Communications