IP Communications Required by Cisco Unity Connection
Cisco Unity Connection Service Ports
Table 1-1 lists the TCP and UDP ports that are used for inbound connections to the Cisco Unity Connection server, and ports that are used internally by Unity Connection.
|
|
|
|
|
---|---|---|---|---|
Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
||||
IP phones must be able to connect to this range of ports on the Unity Connection server for some phone client applications. |
||||
Opened for read-only port-status monitoring connections. Monitoring must be configured in Connection Administration before any data can be seen on this port (monitoring is off by default). |
||||
TCP and UDP ports allocated by administrator for SIP traffic. |
Unity Connection SIP Control Traffic handled by conversation manager. |
|||
Restricted to localhost only (no remote connections to this service are needed). |
||||
Servers in a Unity Connection cluster must be able to connect to each other on these database ports. |
||||
Client workstations must be able to connect to ports 143 and 993 for IMAP inbox access, and IMAP over SSL inbox access. |
||||
Servers delivering SMTP to Unity Connection port 25, such as other servers in a UC Digital Network. |
||||
Restricted to localhost only (no remote connections to this service are needed). |
||||
Restricted to localhost only (no remote connections to this service are needed). |
||||
VoIP devices (phones and gateways) must be able to send traffic to these UDP ports to deliver inbound audio streams. |
||||
Restricted to localhost only (no remote connections to this service are needed). |
||||
Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
||||
Heartbeat event traffic is not encrypted but is MAC secured. Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
||||
If this service is enabled, it allows administrative read/write database connections for off-box clients. For example, some of the ciscounitytools.com tools use this port. |
||||
The firewall must be open for TCP 22 connections for remote CLI access and for serving SFTP in a Unity Connection cluster. Administrative workstations must be able to connect to a Unity Connection server on this port. Servers in a Unity Connection cluster must be able to connect to each other on this port. |
||||
Using IPsec is optional, and it is off by default. If the service is enabled, servers in a Unity Connection cluster must be able to connect to each other on this port. |
||||
The cluster manager service is part of the Voice Operating System. Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
||||
Network time service is enabled to keep time synchronized between servers in a Unity Connection cluster. The publisher server can use either the operating system time on the publisher server or the time on a separate NTP server for time synchronization. Subscriber servers always use the publisher server for time synchronization. Servers in a Unity Connection cluster must be able to connect to each other on this port. |
||||
Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
||||
These database instances contain information for LDAP integrated users, and serviceability data. Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
||||
Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
||||
Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
||||
Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
||||
Performs back-end serviceability data exchanges. 1090: AMC RMI Object Port. 1099: AMC RMI Registry Port. Servers in a Unity Connection cluster must be able to connect to each other on these ports. |
||||
Both client and administrative workstations need to connect to these ports. Servers in a Unity Connection cluster must be able to connect to each other on these ports for communications that use HTTP-based interactions like REST. Note: These ports support both IPv4 and IPv6 addresses. However, the IPv6 address works only when the Connection platform is configured in Dual (IPv4/IPv6) mode. For more information on configuring IPv6 settings, see the "Adding or Changing the IPv6 Addresses of Cisco Unity Connection" chapter of the Install, Upgrade, and Maintenance Guide for Cisco Unity Connection at http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/10x/install_upgrade/guide/10xcuciumgx.html. Note: Cisco Unity Connection Survivable Remote Site Voicemail (SRSV) supports these ports for IP communication. |
||||
Servers in HTTPS Networking must be able to connect to each other on these ports for communications. Unity Connection HTTPS Directory Feeder service uses these ports for directory synchronization. Note: Unity Connection HTTPS Directory Feeder service supports only IPv4 mode. |
||||
Ephemeral port ranges, used by anything with a dynamically allocated client port. |
||||
Exchange 2007, 2010, and 2013 only: EWS notifications of changes to Unity Connection voice messages. This port is also available for clients to request comet notifications from Cisco Unity Connection for a voicemail subscriber. |
||||
In release 10.5.2 and later, the comet notification client needs to connect to this port to receive comet notifications over SSL. |
||||
Video server must be able to connect to Unity Connection on this port for communications. |
1. Bold port numbers are open for direct connections from off-box clients.
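The reachability statements in the Table 1-1 comments can be expressed as a source-zone allowlist and checked against firewall or flow logs. The following is an added example, not Cisco code: the subnets, zone names, and log format are assumptions, and the policy covers only the TCP ports that the comments name explicitly (22, 25, 143, 993, 1090, 1099).

```python
import ipaddress

# Assumed address plan (constructed for this example, not from the guide).
ZONES = {
    "cluster_peer": ["10.10.0.0/28"],
    "admin_ws": ["10.20.0.0/24"],
    "client_ws": ["10.30.0.0/16"],
    "smtp_relay": ["10.40.0.25/32"],
}

# Who may reach which inbound TCP port, per the table comments above.
ALLOWED = {
    22: {"admin_ws", "cluster_peer"},  # remote CLI access and SFTP
    25: {"smtp_relay"},                # servers delivering SMTP
    143: {"client_ws"},                # IMAP inbox access
    993: {"client_ws"},                # IMAP over SSL inbox access
    1090: {"cluster_peer"},            # AMC RMI Object Port
    1099: {"cluster_peer"},            # AMC RMI Registry Port
}

def zones_of(src):
    """Return the names of all zones whose networks contain src."""
    addr = ipaddress.ip_address(src)
    return {zone for zone, nets in ZONES.items()
            if any(addr in ipaddress.ip_network(net) for net in nets)}

def audit(flows):
    """Return (src, port, reason) for each accepted flow outside the policy."""
    findings = []
    for line in flows:
        src, port_text = line.split()
        port = int(port_text)
        if port not in ALLOWED:
            findings.append((src, port, "port not covered by this partial policy"))
        elif not zones_of(src) & ALLOWED[port]:
            findings.append((src, port, "source zone not allowed"))
    return findings

# Constructed sample: "source-ip destination-port" per accepted inbound TCP flow.
SAMPLE_FLOWS = [
    "10.30.4.17 993",   # client workstation to IMAP over SSL
    "10.30.4.17 22",    # client workstation to SSH
    "10.10.0.3 1099",   # cluster peer to AMC RMI registry
    "10.20.0.9 1090",   # admin workstation to AMC RMI object port
    "10.40.0.25 25",    # SMTP relay to SMTP
    "192.0.2.50 143",   # unknown source to IMAP
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

Flows to ports outside the six listed are reported as uncovered rather than as violations, because the remaining Table 1-1 ports are not reproduced in this policy.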
Outbound Connections Made by Unity Connection
Table 1-2 lists the TCP and UDP ports that Cisco Unity Connection uses to connect with other servers in the network.