IPOffice TCP and UDP ports throuh a firewall 1

[crashtest1000]

Can any one give me a definitive list of the TCP, UDP and any other ports the IPO uses when connecting two systems via a third party router using Small Community Networking?

We have a firewall which is stopping the VoIP call setup.

 

[voldbjerg]

Hi

Check the log on your firewall. It will probably have a list of denied packets.

But please be aware that H.323 uses a large range of ports once the session is up, so make sure that you FW is H.323 aware.

What kind of firewall are you using?

/Voldbjerg

 

[GrandmasterOPI]

You could ask Peter Naylor, he knows every thing.

 

[TheBoyWonder]

The port no. for voip is 1720. However beware as outlined below:

An H.323 call is made up of many different simultaneous connections.
At least two of the connections are TCP. For an audio-only conference, there may be up to 4 different UDP `connections' made. All of these connections except one are made to ephemeral (dynamic) ports.

Below Is a brief outline of the call to help you understand the difficulties that are involved, because of the number of ports used and the fact that many are dynamic.

Brief Outline of a Call:-

The call is basically managed at three different layers. It's starts by making a TCP connection to the well known port for H.323, port 1720.

The two ends then send Q.931 packets across this connection. As part of this exchange, both ends also send an ephemeral (dynamic port number greater than 1024) port to be used for the H.245 connection.

The H.245 connection is made from the caller to the ephemeral port negotiated across the Q.931 stream.
H.245 also has commands that cause UDP connections to be made. Essentially, once the audio (and video) codecs and parameters have been negotiated, the H.245 session executes an OpenLogicalChannel sequence. This sequence sends the transmitter's RTCP address and port number as well as the receiver's RTP and RTCP address and port number

Also, the RTP protocol requires two UDP `connections', using adjacent streams. The associated RTCP and RTP streams are required to be one port apart (with the RTP port being even and the RTCP being the next higher odd).

Because of H.323's heavy use of ephemeral (dynamic) ports, the only way for a packet filtering router to support H.323 is to open up all UDP and TCP ports above 1024 in each direction. This policy does not provide much protection.

NOTE : The addresses and port numbers are exchanged within the data stream of the `next higher' connection. For example, the port number for the H.245 connection is established within the Q.931 data stream (This makes it particularly difficult for address translating firewalls, which must modify the addresses inside those data streams.)

Hope this helps and dosent just serve to confuse you.

Also, here are a list of UDP Port number of the common IPO applications:

Monitor application - 1764 (06e4 hex)
PC Partner - 1765 (06e5 hex)
Manager - standard TFTP ports - 69 (0045 hex)
TAPI - standard TAPI ports

PC Partner = WOC, BLF, Call Status, Phone Status, Phone Manager.
Manager = Manager, Install Wizard, Client Install Wizard & Upgrade Wizard.

 

[SpareTek]

I opened up ports 0 - 65535 on both UDP and TCP on my Adtran Netvanta router and still cannot get an IP Softphone to work. I can move my internet access from the Adtran over to the IPOffice WAN port and it will work, but once I move it to a different router on my LAN it stops, despite opening all the ports. I have tried 4 different brands of routers and cant get the softphone through any router except the IP Office. Of course, with the IPOffice as the internet access router, you can't do inbound nat, because the IP Office NAT does not work. So it's a catch22! I know you can use a VPN to eliminate the NAT issue at the Softphone end, but this is not the issue with my setup, because my softphone end is not being natted.

 

[IPGuru]

Inbound nat should work on the IPO - check you are running the latest version of firmware.
alternatively if you set the IPO as your default gateway you should be able to forward all internet trafic to the firewall/gateway with the following IP Route

IP Addr (Blank)
Subnet Mask (blank)
Gateway IP Addr (your firewall/router)
destination = lan1