tcp and udp port usage guide for cisco unified ......manager(tomcat) thisportisusedbysoap...

TCP and UDP Port Usage Guide for Cisco Unified CommunicationsManager, Release 10.5(x)First Published: 2015-11-10

Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000

800 553-NETS (6387)Fax: 408 527-0883

C O N T E N T S

Cisco Unified Communications Manager TCP and UDP Port Usage 5P A R T I

Cisco Unified Communications Manager TCP and UDP Port Usage 1C H A P T E R 1

Cisco Unified Communications Manager TCP and UDP Port Usage Overview 1

Port Descriptions 3

Intracluster Ports Between Cisco Unified Communications Manager Servers 3

Common Service Ports 5

Ports Between Cisco Unified Communications Manager and LDAP Directory 8

Web Requests From CCMAdmin or CCMUser to Cisco Unified Communications Manager 9

Web Requests From Cisco Unified Communications Manager to Phone 9

Signaling, Media, and Other Communication Between Phones and Cisco Unified CommunicationsManager 9

Signaling,Media, and Other Communication Between Gateways and Cisco Unified CommunicationsManager 11

Communication Between Applications and Cisco Unified Communications Manager 13

Communication Between CTL Client and Firewalls 15

Special Ports on HP Servers 15

Port References 16

Firewall Application Inspection Guides 16

IETF TCP/UDP Port Assignment List 16

IP Telephony Configuration and Port Utilization Guides 16

VMware Port Assignment List 16

IM and Presence Service TCP and UDP Port Usage 17P A R T I I

Port Usage Information for the IM and Presence Service 19C H A P T E R 2

IM and Presence Service Port Usage Overview 19

TCP and UDP Port Usage Guide for Cisco Unified Communications Manager, Release 10.5(x)iii

Information Collated in Table 19

IM and Presence Service Port List 20

TCP and UDP Port Usage Guide for Cisco Unified Communications Manager, Release 10.5(x)iv

Contents

P A R T ICisco Unified Communications Manager TCP andUDP Port Usage

• Cisco Unified Communications Manager TCP and UDP Port Usage, on page 1

C H A P T E R 1Cisco Unified Communications Manager TCP andUDP Port Usage

This chapter provides a list of the TCP and UDP ports that Cisco Unified Communications Manager uses forintracluster connections and for communication with external applications or devices. You will also findimportant information for the configuration of firewalls, Access Control Lists (ACLs), and quality of service(QoS) on a network when an IP Communications solution is implemented.

• Cisco Unified Communications Manager TCP and UDP Port Usage Overview, on page 1• Port Descriptions, on page 3• Port References, on page 16

Cisco Unified Communications Manager TCP and UDP PortUsage Overview

Cisco Unified Communications Manager TCP and UDP ports are organized into the following categories:

• Intracluster Ports Between Cisco Unified Communications Manager Servers

• Common Service Ports

• Ports Between Cisco Unified Communications Manager and LDAP Directory

• Web Requests From CCMAdmin or CCMUser to Cisco Unified Communications Manager

• Web Requests From Cisco Unified Communications Manager to Phone

• Signaling, Media, and Other Communication Between Phones and Cisco Unified CommunicationsManager

• Signaling, Media, and Other Communication Between Gateways and Cisco Unified CommunicationsManager

• Communication Between Applications and Cisco Unified Communications Manager

• Communication Between CTL Client and Firewalls

• Special Ports on HP Servers

See “Port Descriptions” for port details in each of the above categories.

TCP and UDP Port Usage Guide for Cisco Unified Communications Manager, Release 10.5(x)1

Cisco has not verified all possible configuration scenarios for these ports. If you are having configurationproblems using this list, contact Cisco technical support for assistance.

Note

Port references apply specifically to Cisco Unified Communications Manager. Some ports change from onerelease to another, and future releases may introduce new ports. Therefore, make sure that you are using thecorrect version of this document for the version of Cisco Unified Communications Manager that is installed.

While virtually all protocols are bidirectional, directionality from the session originator perspective is presumed.In some cases, the administrator can manually change the default port numbers, though Cisco does notrecommend this as a best practice. Be aware that Cisco Unified CommunicationsManager opens several portsstrictly for internal use.

Installing Cisco Unified Communications Manager software automatically installs the following networkservices for serviceability and activates them by default. Refer to “Intracluster Ports Between Cisco UnifiedCommunications Manager Servers” for details:

• Cisco Log Partition Monitoring (To monitor and purge the common partition. This uses no customcommon port.)

• Cisco Trace Collection Service (TCTS port usage)

• Cisco RIS Data Collector (RIS server port usage)

• Cisco AMC Service (AMC port usage)

Configuration of firewalls, ACLs, or QoS will vary depending on topology, placement of telephony devicesand services relative to the placement of network security devices, and which applications and telephonyextensions are in use. Also, bear in mind that ACLs vary in format with different devices and versions.

You can also configure Multicast Music on Hold (MOH) ports in Cisco Unified Communications Manager.Port values for multicast MOH are not provided because the administrator specifies the actual port values.

Note

The ephemeral port range for the system is 32768 to 61000. For more information, see http://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/tsd-products-support-series-home.html.

Note

Make sure that you configure your firewall so that connections to port 22 are open, and are not throttled.During the installation of IM and Presence subscriber nodes, multiple connections to the Cisco UnifiedCommunicationsManager publisher node are opened in quick succession. Throttling these connections couldlead to a failed installation.

Note


Cisco Unified Communications Manager TCP and UDP Port UsageCisco Unified Communications Manager TCP and UDP Port Usage Overview

http://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/tsd-products-support-series-home.html


Port Descriptions

Intracluster Ports Between Cisco Unified Communications Manager ServersTable 1: Intracluster Ports Between Cisco Unified Communications Manager Servers

PurposeDestination PortTo (Listener)From (Sender)

System logging service514 / UDPUnified CommunicationsManager

Endpoint

Cisco AMC Service forRTMT performancemonitors, data collection,logging, and alerting

1090, 1099 / TCPRTMTUnified CommunicationsManager

Database connection(1501 / TCP is thesecondary connection)

1500, 1501 / TCPUnified CommunicationsManager (DB)

Unified CommunicationsManager (DB)

CAR IDS DB. CAR IDSengine listens on waitingfor connection requestsfrom the clients.

1510 / TCPUnified CommunicationsManager (DB)


CAR IDS DB. Analternate port used tobring up a second instanceof CAR IDS duringupgrade.



Database replicationbetween nodes duringinstallation



Allows subscribers toreceive Cisco UnifiedCommunicationsManagerdatabase changenotification


Cisco Extended Functions(QRT)

Intraclustercommunication betweenCisco Extended Servicesfor Active/Backupdetermination

2551 / TCPUnified CommunicationsManager

Unified CommunicationsManager

Real-time InformationServices (RIS) databaseserver

2555 / TCPUnified CommunicationsManager (RIS)

Unified CommunicationsManager (RIS)


Cisco Unified Communications Manager TCP and UDP Port UsagePort Descriptions


Real-time InformationServices (RIS) databaseclient for Cisco RIS

2556 / TCPUnified CommunicationsManager (RIS)

Unified CommunicationsManager(RTMT/AMC/SOAP)

DRS Master Agent4040 / TCPUnified CommunicationsManager (DRS)

Unified CommunicationsManager (DRS)

This port is used by SOAPmonitor for Real TimeMonitoring Service.

5001/TCPUnified CommunicationsManager (SOAP)

Unified CommunicationsManager (Tomcat)

This port is used by SOAPmonitor for PerformanceMonitor Service.



This port is used by SOAPmonitor for ControlCenter Service.



This port is used by SOAPmonitor for LogCollection Service.



This port is used by SOAPCDROnDemand2 services


Standard CCM AdminUsers / Admin

SOAP monitor5007 / TCPUnified CommunicationsManager (SOAP)


Cisco Trace CollectionTool Service (TCTS) --the back end service forRTMT Trace and LogCentral (TLC)

Ephemeral / TCPUnified CommunicationsManager (TCTS)

Unified CommunicationsManager (RTMT)

This port is used forcommunication betweenCisco Trace CollectionTool Service and CiscoTrace Collection servlet.

7000, 7001, 7002 / TCPUnified CommunicationsManager (TCTS)


Client database changenotification

8001 / TCPUnified CommunicationsManager (CDLM)


Intraclustercommunication service

8002 / TCPUnified CommunicationsManager (SDL)

Unified CommunicationsManager (SDL)

Intraclustercommunication service (toCTI)

8003 / TCPUnified CommunicationsManager (SDL)

Unified CommunicationsManager (SDL)


Cisco Unified Communications Manager TCP and UDP Port UsageIntracluster Ports Between Cisco Unified Communications Manager Servers


Intraclustercommunication betweenCisco UnifiedCommunicationsManagerand CMI Manager

8004 / TCPCMI ManagerUnified CommunicationsManager

Internal listening portused by Tomcat shutdownscripts

8005 / TCPUnified CommunicationsManager (Tomcat)


Communication betweenservers used for diagnostictests

8080 / TCPUnified CommunicationsManager (Tomcat)


HTTP Port forcommunication betweenCuCM and GW (Cayugainterfae) for GatewayRecording feature.

8090Unified CommunicationsManager

Gateway

GatewayUnified CommunicationsManager

Intracluster replication ofsystem data by IPSecCluster Manager

8500 / TCP and UDPUnified CommunicationsManager (IPSec)

Unified CommunicationsManager (IPSec)

RIS Service Managerstatus request and reply

8888 - 8889 / TCPUnified CommunicationsManager (RIS)

Unified CommunicationsManager (RIS)

Intraclustercommunication betweenLBMs

9004 / TCPLocation BandwidthManager (LBM)

Location BandwidthManager (LBM)

Common Service PortsTable 2: Common Service Ports


Internet Control MessageProtocol (ICMP) Thisprotocol number carriesecho-related traffic. Itdoes not constitute a portas indicated in the columnheading.


Endpoint

EndpointUnified CommunicationsManager


Cisco Unified Communications Manager TCP and UDP Port UsageCommon Service Ports


Send the backup data toSFTP server. (DRS LocalAgent)

Send the CDR data toSFTP server.

22 / TCPSFTP serverUnified CommunicationsManager (DRS, CDR)

Cisco UnifiedCommunicationsManageracting as a DHCP server

Cisco does notrecommendrunning DHCPserver on CiscoUnifiedCommunicationsManager.

Note

67 / UDPUnified CommunicationsManager (DHCP Server)

Endpoint

Cisco UnifiedCommunicationsManageracting as a DHCP client

Cisco does notrecommendrunning DHCPclient on CiscoUnifiedCommunicationsManager.Configure CiscoUnifiedCommunicationsManager withstatic IPaddressesinstead.)

Note

68 / UDPDHCP ServerUnified CommunicationsManager

Trivial File TransferProtocol (TFTP) serviceto phones and gateways

69, 6969, then Ephemeral/ UDP


Endpoint or Gateway

Trivial File TransferProtocol (TFTP) betweenmaster and proxy servers.

HTTP service from theTFTP server to phonesand gateways.


Endpoint or Gateway




Network Time Protocol(NTP)

123 / UDPNTP ServerUnified CommunicationsManager

SNMP service response(requests frommanagement applications)

161 / UDPUnified CommunicationsManager

SNMP Server

SNMP traps162 / UDPSNMP trap destinationCUCM Server SNMPMaster Agent application

Native SNMP agentlistening port for SMUXsupport


SNMP Server

DHCPv6. DHCP port forIPv6.

546 / UDPDHCP ServerUnified CommunicationsManager

Enhanced Location CACServiceability


Unified CommunicationsManager Serviceability

Call Admission requestsand bandwidth deductions



Used for communicationbetween Master Agentand Native Agent toprocess Native agentMIBrequests



Used for communicationbetween Master Agentand Native Agent toforward notificationsgenerated from NativeAgent



Centralized TFTP FileLocator Service

6970 / TCPAlternate TFTPCentralized TFTP

Used for communicationbetween SNMP MasterAgent and subagents



Cisco Discovery Protocol(CDP) agentcommunicates with CDPexecutable


SNMP Server

Used for Cisco User DataServices (UDS) requests


Endpoint




Service CRS requeststhrough the TAPSresiding on Cisco UnifiedCommunicationsManager



Cisco UnifiedCommunicationsManagerapplications send outalarms to this port throughUDP. Cisco UnifiedCommunicationsManagerMIB agent listens on thisport and generates SNMPtraps per Cisco UnifiedCommunicationsManagerMIB definition.



Provide trunk-based SIPservices

5060, 5061 / TCPUnified CommunicationsManager


Used by InterclusterLookup Service (ILS) forcertificate basedauthentication.



Used by ILS for passwordbased authentication.



Ports Between Cisco Unified Communications Manager and LDAP DirectoryTable 3: Ports Between Cisco Unified Communications Manager and LDAP Directory


Lightweight DirectoryAccess Protocol (LDAP)query to external directory(Active Directory,Netscape Directory)

389, 636, 3268, 3269 /TCP

External DirectoryUnified CommunicationsManager

EphemeralUnified CommunicationsManager

External Directory


Cisco Unified Communications Manager TCP and UDP Port UsagePorts Between Cisco Unified Communications Manager and LDAP Directory

Web Requests From CCMAdmin or CCMUser to Cisco Unified CommunicationsManager

Table 4: Web Requests From CCMAdmin or CCMUser to Cisco Unified Communications Manager


Hypertext TransportProtocol (HTTP)


Browser

Hypertext TransportProtocol over SSL(HTTPS)


Browser

Web Requests From Cisco Unified Communications Manager to PhoneTable 5: Web Requests From Cisco Unified Communications Manager to Phone


Hypertext TransportProtocol (HTTP)

80 / TCPPhoneUnified CommunicationsManager

• QRT

• RTMT

• Find and List Phonespage

• Phone Configurationpage

Signaling, Media, and Other Communication Between Phones and CiscoUnified Communications Manager

Table 6: Signaling, Media, and Other Communication Between Phones and Cisco Unified Communications Manager


Trivial File TransferProtocol (TFTP) used todownload firmware andconfiguration files

69, then Ephemeral / UDPUnified CommunicationsManager (TFTP)

Phone

Skinny Client ControlProtocol (SCCP)


Phone


Cisco Unified Communications Manager TCP and UDP Port UsageWeb Requests From CCMAdmin or CCMUser to Cisco Unified Communications Manager


Secure Skinny ClientControl Protocol (SCCPS)


Phone

Provide trust verificationservice to endpoints.


Phone

Certificate AuthorityProxy Function (CAPF)listening port for issuingLocally SignificantCertificates (LSCs) to IPphones

3804 / TCPUnified CommunicationsManager (CAPF)

Phone

Session Initiation Protocol(SIP) phone

5060 / TCP and UDPUnified CommunicationsManager

Phone

PhoneUnified CommunicationsManager

Secure Session InitiationProtocol (SIPS) phone

5061 TCPUnified CommunicationsManager

Phone

PhoneUnified CommunicationsManager

HTTP-based download offirmware andconfiguration files

6970 TCPUnified CommunicationsManager (TFTP)

Phone

Phone URLs for XMLapplications,authentication, directories,services, etc. You canconfigure these ports on aper-service basis.


Phone

Real-Time Protocol(RTP), Secure Real-TimeProtocol (SRTP)

Cisco UnifiedCommunicationsManager onlyuses24576-32767although otherdevices use thefull range.

Note

16384 - 32767 / UDPPhoneIP VMS

IP VMSPhone


Cisco Unified Communications Manager TCP and UDP Port UsageSignaling, Media, and Other Communication Between Phones and Cisco Unified Communications Manager

Signaling, Media, and Other Communication Between Gateways and CiscoUnified Communications Manager

Table 7: Signaling, Media, and Other Communication Between Gateways and Cisco Unified Communications Manager


Generic RoutingEncapsulation (GRE),Encapsulating SecurityPayload (ESP),Authentication Header(AH). These protocolsnumbers carry encryptedIPSec traffic. They do notconstitute a port asindicated in the columnheading.

47, 50, 51Unified CommunicationsManager

Gateway


Internet Key Exchange(IKE) for IP Securityprotocol (IPSec)establishment


Gateway


Trivial File TransferProtocol (TFTP)

69, then Ephemeral / UDPUnified CommunicationsManager (TFTP)

Gateway

Port mapping service.Only used in the CIMEoff-path deploymentmodel.

1024-65535 / TCPCIME ASAUnified CommunicationsManager with CiscoIntercompany MediaEngine (CIME) trunk

Gatekeeper (H.225) RAS1719 / UDPUnified CommunicationsManager

Gatekeeper

H.225 signaling servicesfor H.323 gateways andIntercluster Trunk (ICT)


Gateway


H.225 signaling serviceson gatekeeper-controlledtrunk

Ephemeral / TCPUnified CommunicationsManager

Gateway



Cisco Unified Communications Manager TCP and UDP Port UsageSignaling, Media, and Other Communication Between Gateways and Cisco Unified Communications Manager


H.245 signaling servicesfor establishing voice,video, and data

TheH.245 portused by theremote systemdepends on thetype ofgateway.

For IOSgateways, theH.245 portrange is from11000 to65535.

Note

Ephemeral / TCPUnified CommunicationsManager

Gateway


Skinny Client ControlProtocol (SCCP)


Gateway

Upgrade port for 6608gateways with CiscoUnified CommunicationsManager deployments


Gateway

Upgrade port for 6624gateways with CiscoUnified CommunicationsManager deployments


Gateway

Media Gateway ControlProtocol (MGCP)gateway control


Gateway

Media Gateway ControlProtocol (MGCP)backhaul


Gateway

These ports are used asphantom Real-TimeTransport Protocol (RTP)and Real-Time TransportControl Protocol (RTCP)ports for audio, video anddata channel when CiscoUnified CommunicationsManager does not haveports for these media.

4000 - 4005 / TCP----


Cisco Unified Communications Manager TCP and UDP Port UsageSignaling, Media, and Other Communication Between Gateways and Cisco Unified Communications Manager


Session Initiation Protocol(SIP) gateway andIntercluster Trunk (ICT)

5060 / TCP and UDPUnified CommunicationsManager

Gateway


Secure Session InitiationProtocol (SIPS) gatewayand Intercluster Trunk(ICT)


Gateway


Real-Time Protocol(RTP), Secure Real-TimeProtocol (SRTP)

Cisco UnifiedCommunicationsManager onlyuses24576-32767although otherdevices use thefull range.

Note

16384 - 32767 / UDPUnified CommunicationsManager

Gateway


Communication Between Applications and Cisco Unified CommunicationsManager

Table 8: Communication Between Applications and Cisco Unified Communications Manager


Certificate Trust List(CTL) provider listeningservice in Cisco UnifiedCommunicationsManager

2444 / TCPUnified CommunicationsManager CTL Provider

CTL Client

CTI application server2748 / TCPUnified CommunicationsManager

Cisco UnifiedCommunications App

TLS connection betweenCTI applications(JTAPI/TSP) andCTIManager



JTAPI application server2789 / TCPUnified CommunicationsManager



Cisco Unified Communications Manager TCP and UDP Port UsageCommunication Between Applications and Cisco Unified Communications Manager


Cisco UnifiedCommunicationsManagerAssistant server (formerlyIPMA)


Unified CommunicationsManager AssistantConsole

Cisco UnifiedCommunicationsManagerAttendant Console (AC)JAVA RMI Registryserver

1103 -1129 / TCPUnified CommunicationsManager

Unified CommunicationsManager AttendantConsole

RMI server sends RMIcallback messages toclients on these ports.



Attendant Console (AC)RMI server bind port --RMI server sends RMImessages on these ports.



Cisco UnifiedCommunicationsManagerAttendant Console (AC)server line state portreceives ping andregistrationmessage from,and sends line states to,the attendant consoleserver.



Cisco UnifiedCommunicationsManagerAttendant Console (AC)clients register with theAC server for line anddevice state information.



Cisco UnifiedCommunicationsManagerAttendant Console (AC)clients register to the ACserver for call control.


Unified CommunicationsManagerAttendantConsole

Multi-Service IOS Routerrunning EIGRP/SAFProtocol.

5050 / TCPIOS Router running SAFimage

Unified CommunicationsManager with SAF/CCD


Cisco Unified Communications Manager TCP and UDP Port UsageCommunication Between Applications and Cisco Unified Communications Manager


VAP protocol used tocommunicate to the CiscoIntercompany MediaEngine server.

5620 / TCP

Cisco recommends avalue of 5620 for thisport, but you can changethe value by executing theadd ime vapserver or setime vapserver port CLIcommand on the CiscoIME server.

Cisco IntercompanyMedia Engine (IME)Server


AXL / SOAP API forprogrammatic reads fromor writes to the CiscoUnified CommunicationsManager database thatthird parties such asbilling or telephonymanagement applicationsuse.



Communication Between CTL Client and FirewallsTable 9: Communication Between CTL Client and Firewalls


Certificate Trust List(CTL) provider listeningservice in anASA firewall

2444 / TCPTLS Proxy ServerCTL Client

Special Ports on HP ServersTable 10: Special Ports on HP Servers


HTTP port to HP agent2301 / TCPHP SIMEndpoint

HTTPS port to HP agent2381 / TCPHP SIMEndpoint

COMPAQ ManagementAgent extension (cmaX)

25375, 25376, 25393 /UDP

Compaq ManagementAgent

Endpoint

HTTPS port to HP SIM50000 - 50004 / TCPHP SIMEndpoint


Cisco Unified Communications Manager TCP and UDP Port UsageCommunication Between CTL Client and Firewalls

Port References

Firewall Application Inspection GuidesASA Series reference information


PIX Application Inspection Configuration Guides

http://www.cisco.com/c/en/us/support/security/pix-firewall-software/products-installation-and-configuration-guides-list.html

FWSM 3.1 Application Inspection Configuration Guide

http://www-author.cisco.com/c/en/us/td/docs/security/fwsm/fwsm31/configuration/guide/fwsm_cfg/inspct_f.html

IETF TCP/UDP Port Assignment ListInternet Assigned Numbers Authority (IANA) IETF assigned Port List

http://www.iana.org/assignments/port-numbers

IP Telephony Configuration and Port Utilization GuidesCisco CRS 4.0 (IP IVR and IPCC Express) Port Utilization Guide

http://www.cisco.com/en/US/products/sw/custcosw/ps1846/products_installation_and_configuration_guides_list.html

Port Utilization Guide for Cisco ICM/IPCC Enterprise and Hosted Editions


Cisco Unified Communications Manager Express Security Guide to Best Practices

http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidance09186a00801f8e30.html

Cisco Unity Express Security Guide to Best Practices

http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidance09186a00801f8e31.html#wp41149

VMware Port Assignment ListTCP and UDP Ports for vCenter Server, ESX hosts, and Other Network Components Management Access


Cisco Unified Communications Manager TCP and UDP Port UsagePort References







http://www.iana.org/assignments/port-numbers



http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidance09186a00801f8e30.html

http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidance09186a00801f8e31.html#wp41149

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1012382

P A R T IIIM and Presence Service TCP and UDP PortUsage

• Port Usage Information for the IM and Presence Service, on page 19

C H A P T E R 2Port Usage Information for the IM and PresenceService

• IM and Presence Service Port Usage Overview, on page 19• Information Collated in Table, on page 19• IM and Presence Service Port List, on page 20

IM and Presence Service Port Usage OverviewThis document provides a list of the TCP and UDP ports that the IM and Presence Service uses for intraclusterconnections and for communications with external applications or devices. It provides important informationfor the configuration of firewalls, Access Control Lists (ACLs), and quality of service (QoS) on a networkwhen an IP Communications solution is implemented.

Cisco has not verified all possible configuration scenarios for these ports. If you are having configurationproblems using this list, contact Cisco technical support for assistance.

Note

While virtually all protocols are bidirectional, this document gives directionality from the session originatorperspective. In some cases, the administrator can manually change the default port numbers, though Ciscodoes not recommend this as a best practice. Be aware that the IM and Presence Service opens several portsstrictly for internal use.

Ports in this document apply specifically to the IM and Presence Service. Some ports change from one releaseto another, and future releases may introduce new ports. Therefore, make sure that you are using the correctversion of this document for the version of IM and Presence Service that is installed.

Configuration of firewalls, ACLs, or QoS will vary depending on topology, placement of devices and servicesrelative to the placement of network security devices, and which applications and telephony extensions arein use. Also, bear in mind that ACLs vary in format with different devices and versions.

Information Collated in TableThis table defines the information collated in each of the tables in this document.


Table 11: Definition of Table Information

DescriptionTable Heading

The client sending requests to this portFrom

The client receiving requests on this portTo

A client or server application or processRole

Either a Session-layer protocol used for establishingand ending communications, or an Application-layerprotocol used for request and response transactions

Protocol

A Transport-layer protocol that is connection-oriented(TCP) or connectionless (UDP)

Transport Protocol

The port used for receiving requestsDestination / Listener

The port used for sending requestsSource / Sender

IM and Presence Service Port ListThe following tables show the ports that the IM and Presence Service uses for intracluster and interclustertraffic.

Table 12: IM and Presence Service Ports - SIP Proxy Requests

RemarksSource /Sender

Destination/ Listener

TransportProtocol

ProtocolTo (Listener)From (Sender)

Default SIP Proxy UDPand TCP Listener

Ephemeral5060TCP/UDPSIPIM andPresence

--------------

SIP Gateway

SIP Gateway

--------------

IM andPresence

TLS ServerAuthentication listenerport

Ephemeral5061TLSSIPIM andPresence

SIP Gateway

TLS MutualAuthentication listenerport

Ephemeral5062TLSSIPIM andPresence

IM andPresence

Internal port. Localhosttraffic only.

Ephemeral5049UDP /TCP

SIPIM andPresence

IM andPresence

Used for HTTP requestsfrom the Config Agent toindicate a change inconfiguration.

Ephemeral8081TCPHTTPIM andPresence

IM andPresence


IM and Presence Service TCP and UDP Port UsageIM and Presence Service Port List



TransportProtocol


Default IM and PresenceHTTP Listener. Used forThird-Party Clients toconnect

Ephemeral8082TCPHTTPIM andPresence

Third-partyClient

Default IM and PresenceHTTPS Listener. Usedfor Third-Party Clients toconnect

Ephemeral8083TLS / TCPHTTPSIM andPresence

Third-partyClient

Table 13: IM and Presence Service Ports - Presence Engine Requests



TransportProtocol


Default SIP UDP/TCPListener port

Ephemeral5080UDP /TCP

SIPIM andPresence(PresenceEngine)

IM andPresence

Internal port. Localhosttraffic only. LiveBusmessaging port. The IMand Presence Serviceuses this port for clustercommunication.

Ephemeral50000UDPLivebusIM andPresence(PresenceEngine)

IM andPresence(PresenceEngine)

Table 14: IM and Presence Service Ports - Cisco Tomcat WebRequests



TransportProtocol


Used for web accessEphemeral8080TCPHTTPSIM andPresence

Browser

Provides database andserviceability access viaSOAP

Ephemeral8443TLS / TCPAXL /HTTPS

IM andPresence

Browser

Provides access to Webadministration


Browser

Provides access to Useroption pages


Browser





TransportProtocol


Provides access to CiscoUnified PersonalCommunicator, CiscoUnified MobilityAdvantage, andthird-party API clientsvia SOAP

Ephemeral8443TLS / TCPSOAPIM andPresence

Browser

Table 15: IM and Presence Service Ports - External Corporate Directory Requests



TransportProtocolProtocolTo (Listener)From (Sender)

Allows the Directoryprotocol to integrate withthe external CorporateDirectory. The LDAPport depends on the

Corporate Directory (389is the default). In case ofNetscape Directory,

customer can configuredifferent port to accept

LDAP traffic.

Allows LDAP tocommunicate betweenIM&P and the LDAP

server for authentication.

Ephemeral389

/ 3268

TCPLDAPExternalCorporateDirectory

--------------

IM andPresence

IM andPresence

--------------

ExternalCorporateDirectory

Allows the Directoryprotocol to integrate withthe external CorporateDirectory. LDAP port

depends on the CorporateDirectory (636 is the

default).

Ephemeral636TCPLDAPSExternalCorporateDirectory

IM andPresence

Table 16: IM and Presence Service Ports - Configuration Requests



TransportProtocol


Config Agent heartbeatport

Ephemeral8600TCPTCPIM andPresence(ConfigAgent)

IM andPresence(ConfigAgent)



Table 17: IM and Presence Service Ports - Certificate Manager Requests



TransportProtocol


Internal port - Localhosttraffic only

Ephemeral7070TCPTCPCertificateManager

IM andPresence

Table 18: IM and Presence Service Ports - IDS Database Requests



TransportProtocol


Internal IDS port forDatabase clients.Localhost traffic only.

Ephemeral1500TCPTCPIM andPresence(Database)

IM andPresence(Database)

Internal port - this is analternate port to bring upa second instance of IDSduring upgrade.Localhost traffic only.

Ephemeral1501TCPTCPIM andPresence(Database)


Internal port. Localhosttraffic only. DBreplication port

Ephemeral1515TCPXMLIM andPresence(Database)


Table 19: IM and Presence Service Ports - IPSec Manager Requests



TransportProtocol


Internal port - clustermanager port used by theipsec_mgr daemon forcluster replication ofplatform data (hosts)certs

85008500UDP/TCPProprietaryIM andPresence(IPSec)

IM andPresence(IPSec)

Table 20: IM and Presence Service Ports - DRF Master Agent Server Requests



TransportProtocol


DRFMaster Agent serverport, which acceptsconnections from LocalAgent, GUI, and CLI

Ephemeral4040TCPTCPIM andPresence(DRF)

IM andPresence(DRF)



Table 21: IM and Presence Service Ports - RISDC Requests



TransportProtocol


Real-time InformationServices (RIS) databaseserver. Connects to otherRISDC services in thecluster to provideclusterwide real-timeinformation

Ephemeral2555TCPTCPIM andPresence(RIS)

IM andPresence(RIS)

Real-time InformationServices (RIS) databaseclient for Cisco RIS.Allows RIS clientconnection to retrievereal-time information

Ephemeral2556TCPTCPIM andPresence(RIS)

IM andPresence(RTMT/AMC/

SOAP)

Internal port. Localhosttraffic only. Used byRISDC (System Access)to link to servM via TCPfor service status requestand reply

88888889TCPTCPIM andPresence(RIS)

IM andPresence(RIS)

Table 22: IM and Presence Service Ports - SNMP Requests



TransportProtocol


Provides services forSNMP-basedmanagement applications

Ephemeral161, 8161UDPSNMPIM andPresence

SNMPServer

Native SNMP agent thatlistens for requestsforwarded by SNMPmaster agents

Ephemeral6162UDPSNMPIM andPresence

IM andPresence

SNMP Master agent thatlistens for traps from thenative SNMP agent, andforwards to managementapplications

Ephemeral6161UDPSNMPIM andPresence

IM andPresence

Used as a socket for thecdp agent tocommunicate with thecdp binary

Ephemeral7999TCPTCPIM andPresence

SNMPServer





TransportProtocol


Used for communicationbetween the SNMPmaster agent andsubagents


IM andPresence

Sends SNMP traps tomanagement applications

Ephemeral162UDPSNMPSNMP TrapMonitor

IM andPresence

Internal SNMP trapreceiver

61441ConfigurableUDPSNMPIM andPresence

IM andPresence

Table 23: IM and Presence Service Ports - Racoon Server Requests



TransportProtocol


Enables Internet SecurityAssociation and theKey ManagementProtocol

Ephemeral500UDPIpsecIM andPresence

--------------

Gateway

Gateway

--------------

IM andPresence

Table 24: IM and Presence Service Ports - System Service Requests



TransportProtocol


Internal port. Localhosttraffic only. Used tolisten to clientscommunicating with theRIS Service Manager(servM).

Ephemeral8888 and8889

TCPXMLIM andPresence(RIS)

IM andPresence(RIS)

Table 25: IM and Presence Service Ports - DNS Requests



TransportProtocol


The port that DNS serverlisten on for IM andPresence DNS queries.

To: DNS Server | From:IM and Presence

Ephemeral53UDPDNSDNS ServerIM andPresence



Table 26: IM and Presence Service Ports - SSH/SFTP Requests



TransportProtocol


Used by manyapplications to getcommand line access tothe server. Also usedbetween nodes forcertificate and other fileexchanges (sftp)

Ephemeral22TCPSSH /SFTP

EndpointIM andPresence

Table 27: IM and Presence Service Ports - ICMP Requests



TransportProtocol


Internet ControlMessageProtocol (ICMP). Usedto communicate with theCisco UnifiedCommunicationsManager server

EphemeralNotApplicable

IPICMPCiscoUnifiedCommunicationsManager

--------------

IM andPresence

IM andPresence

--------------

CiscoUnifiedCommunicationsManager

Table 28: IM and Presence Service Ports - NTP Requests



TransportProtocol


Cisco UnifiedCommunicationsManager is the actingNTP server. Used bysubscriber nodes tosynchronize timewith thepublisher node.

Ephemeral123UDPNTPNTP ServerIM andPresence



Table 29: IM and Presence Service Ports - Microsoft Exchange Notify Requests



TransportProtocol


Microsoft Exchange usesthis port to sendnotifications (usingNOTIFY message) toindicate a change to aparticular subscriptionidentifier for calendarevents. Used to integratewith any Exchange serverin the networkconfiguration. Both portsare created. The kind ofmessages that are sentdepend on the type ofCalendar PresenceBackend gateway(s) thatare configured.

EphemeralIM andPresenceserver port(default50020)

)WebDAV- HTTP/UDP/IPnotifications

2) EWS -HTTP/TCP/IP SOAPnotifications

HTTP(HTTPu)

IM andPresence

MicrosoftExchange

Table 30: IM and Presence Service Ports - SOAP Services Requests



TransportProtocol


SOAP monitor portEphemeral5007TCPTCPIM andPresence(SOAP)

IM andPresence(Tomcat)

Table 31: IM and Presence Service Ports - AMC RMI Requests



TransportProtocol


AMC RMI Object port.Cisco AMC Service forRTMT performancemonitors, data collection,logging, and alerting.

Ephemeral1090TCPTCPRTMTIM andPresence

AMCRMIRegistry port.Cisco AMC Service forRTMT performancemonitors, data collection,logging, and alerting.

Ephemeral1099TCPTCPRTMTIM andPresence



Table 32: IM and Presence Service Ports - XCP Requests



TransportProtocol


Client access portEphemeral5222TCPTCPIM andPresence

XMPP Client

Server to Serverconnection (S2S) port


IM andPresence

HTTP listening port usedby the XCP WebConnection Manager forBOSH third-party APIconnections


Third-partyBOSH client

XCP Router MasterAccept Port. XCPservices that connect tothe router from an OpenPort Configuration (forexample XCPAuthenticationComponent Service)typically connect on thisport.

Ephemeral7400TCPTCPIM andPresence(XCP Router

IM andPresence(XCPServices)

MDNS port. XCP routersin a cluster use this portto discover each other.

Ephemeral5353UDPUDPIM andPresence(XCP Router

IM andPresence(XCP Router

MFT File transfer(On-Premises only).

HTTPS7336TCPTCPIM andPresence(XCP Router

IM andPresence(XCP Router

Table 33: IM and Presence Service Ports - External Database (PostgreSQL) Requests



TransportProtocol


PostgreSQL databaselistening port

Ephemeral54321TCPTCPPostgreSQLdatabase

IM andPresence

1 This is the default port, however you can configure the PostgreSQL database to listen on any port.



Table 34: IM and Presence Service Ports - High Availability Requests



TransportProtocol


The port that CiscoServer RecoveryManager uses to provideadmin rpc requests.

Ephemeral20075TCPTCPIM andPresence(ServerRecoveryManager)

IM andPresence(ServerRecoveryManager)

The port that CiscoServer RecoveryManager uses tocommunicate with itspeer.

Ephemeral22001UDPUDPIM andPresence(ServerRecoveryManager)

IM andPresence(ServerRecoveryManager)

Table 35: IM and Presence Service Ports - In Memory Database Replication Messages



TransportProtocol


Cisco Presence DatastoreEphemeral6603*TCPProprietaryIM andPresence

IM andPresence

Cisco Login DatastoreEphemeral6604*TCPProprietaryIM andPresence

IM andPresence

Cisco SIP RegistrationDatastore

Ephemeral6605*TCPProprietaryIM andPresence

IM andPresence

Cisco Presence Datastoredual node presenceredundancy groupreplication.

Ephemeral9003TCPProprietaryIM andPresence

IM andPresence

Cisco Login Datastoredual node presenceredundancy groupreplication.


IM andPresence

Cisco SIP RegistrationDatastore dual nodepresence redundancygroup replication.


IM andPresence

* If you want to run the Administration CLI Diagnostic Utility, using the utils imdb_replication status

command, these ports must be open on all firewalls that are configured between IM and Presence Servicenodes in the cluster. This setup is not required for normal operation.



Table 36: IM and Presence Service Ports - In Memory Database SQL Messages



TransportProtocol


Cisco Presence DatastoreSQL Queries.


IM andPresence

Cisco Login DatastoreSQL Queries.


IM andPresence

Cisco SIP RegistrationDatastore SQL Queries.


IM andPresence

Cisco Route DatastoreSQL Queries.


IM andPresence

Table 37: IM and Presence Service Ports - In Memory Database Notification Messages



TransportProtocol


Cisco Presence DatastoreXML-based changenotification.


IM andPresence

Cisco Login DatastoreXML-based changenotification.


IM andPresence

Cisco SIP RegistrationDatastore XML-basedchange notification.


IM andPresence

Cisco Route DatastoreXML-based changenotification.


IM andPresence

See the Cisco Unified Serviceability Administration Guide for information about SNMP.



tcp and udp port usage guide for cisco unified ......manager(tomcat) thisportisusedbysoap...

Documents