For Enterprise networks where Internet Protocol security (IPsec) (see IETF RFC 4301-4309) has been deployed, IPsec must be disabled over the range of ports used for the delivery of audio, video, and panorama video. The recommendation is motivated by the need to avoid any delay in the allocation of media ports due to IPsec negotiation.
The following table explains the recommended IPsec exception settings. For clients, for details about how to specify a range of ports to limit the extent of the IPsec exceptions that must be put in place in your network, see the minimum and maximum media port range section in the Office Communications Server Technical Reference content.
Table 1. Recommended IPsec Exceptions
|
Rule name
|
Source IP
|
Destination IP
|
Protocol
|
Source port
|
Destination port
|
Filter action
|
|---|
|
A/V Edge Server Internal Inbound
|
Any
|
A/V Edge Server Internal
|
UDP and TCP
|
Any
|
Any
|
Permit
|
|
A/V Edge Server External Inbound
|
Any
|
A/V Edge Server External
|
UDP and TCP
|
Any
|
Any
|
Permit
|
|
A/V Edge Server Internal Outbound
|
A/V Edge Server Internal
|
Any
|
UDP & TCP
|
Any
|
Any
|
Permit
|
|
A/V Edge Server External Outbound
|
A/V Edge Server External
|
Any
|
UDP and TCP
|
Any
|
Any
|
Permit
|
|
Mediation Server Inbound
|
Any
|
Mediation
Server(s)
|
UDP and TCP
|
Any
|
Any
|
Permit
|
|
Mediation Server Outbound
|
Mediation
Server(s)
|
Any
|
UDP and TCP
|
Any
|
Any
|
Permit
|
|
Conferencing Attendant Inbound
|
Any
|
Any
|
UDP and TCP
|
Any
|
Any
|
Permit
|
|
Conferencing Attendant Outbound
|
Any
|
Any
|
UDP and TCP
|
Any
|
Any
|
Permit
|
|
A/V Conferencing Inbound
|
Any
|
A/V Conferencing Servers
|
UDP and TCP
|
Any
|
Any
|
Permit
|
|
A/V Conferencing Server Outbound
|
A/V Conferencing Servers
|
Any
|
UDP and TCP
|
Any
|
Any
|
Permit
|
|
Exchange Inbound
|
Any
|
Exchange Unified Messaging
|
UDP and TCP
|
Any
|
Any
|
Permit
|
|
Exchange Outbound
|
Exchange Unified Messaging
|
Any
|
UDP and TCP
|
Any
|
Any
|
Permit
|
|
Clients
|
Any
|
Any
|
UDP
|
Specified media port range
|
Any
|
Permit
|