IPsec exceptions in Lync Server 2013
Topic Last Modified: 2012-06-27
For enterprise networks where Internet Protocol security (IPsec) (see IETF RFC 4301-4309) has been deployed, IPsec must be disabled over the range of ports used for the delivery of audio, video, and panorama video. The recommendation is motivated by the need to avoid any delay in the allocation of media ports due to IPsec negotiation.
The following table explains the recommended IPsec exception settings.
Recommended IPsec Exceptions
Rule name | Source IP | Destination IP | Protocol | Source port | Destination port | Authentication Requirement |
---|---|---|---|---|---|---|
A/V Edge Server Internal Inbound | Any | A/V Edge Server Internal | UDP and TCP | Any | Any | Do not authenticate |
A/V Edge Server External Inbound | Any | A/V Edge Server External | UDP and TCP | Any | Any | Do not authenticate |
A/V Edge Server Internal Outbound | A/V Edge Server Internal | Any | UDP and TCP | Any | Any | Do not authenticate |
A/V Edge Server External Outbound | A/V Edge Server External | Any | UDP and TCP | Any | Any | Do not authenticate |
Mediation Server Inbound | Any | Mediation Server(s) | UDP and TCP | Any | Any | Do not authenticate |
Mediation Server Outbound | Mediation Server(s) | Any | UDP and TCP | Any | Any | Do not authenticate |
Conferencing Attendant Inbound | Any | Front End Server running Conferencing Attendant | UDP and TCP | Any | Any | Do not authenticate |
Conferencing Attendant Outbound | Front End Server running Conferencing Attendant | Any | UDP and TCP | Any | Any | Do not authenticate |
A/V Conferencing Inbound | Any | Front End Servers | UDP and TCP | Any | Any | Do not authenticate |
A/V Conferencing Outbound | Front End Servers | Any | UDP and TCP | Any | Any | Do not authenticate |
Exchange Inbound | Any | Exchange Unified Messaging | UDP and TCP | Any | Any | Do not authenticate |
Application Sharing Servers Inbound | Any | Application Sharing Servers | TCP | Any | Any | Do not authenticate |
Application Sharing Server Outbound | Application Sharing Servers | Any | TCP | Any | Any | Do not authenticate |
Exchange Outbound | Exchange Unified Messaging | Any | UDP and TCP | Any | Any | Do not authenticate |
Clients | Any | Any | UDP | Specified media port range | Any | Do not authenticate |
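
The following PowerShell is an added example, not part of the original topic, showing one way to express rows of the table as Windows connection security rules with `New-NetIPsecRule`. It assumes that a single rule with `-InboundSecurity None -OutboundSecurity None` covers both the Inbound and Outbound rows of a role; the function name, group label, IP addresses, and port range are constructed placeholders.

```powershell
# Added example. Addresses (RFC 5737 documentation range) and the port range
# are constructed placeholders; replace them with your deployment's values.
$group = 'Lync media IPsec exemptions'   # hypothetical label, used to review the rules later

function New-MediaIPsecExemption {
    param(
        [Parameter(Mandatory)] [string]   $RuleName,      # role name from the table
        [Parameter(Mandatory)] [string[]] $LocalAddress,  # this machine's role address, or 'Any'
        [Parameter(Mandatory)] [string[]] $Protocols,     # 'UDP','TCP' or 'TCP' or 'UDP', per the table
        [string] $LocalPort = 'Any'                       # table column "Source port"
    )
    foreach ($proto in $Protocols) {
        # -Protocol takes a single value, so a "UDP and TCP" row becomes two rules.
        $rule = @{
            DisplayName      = "$RuleName ($proto)"
            Group            = $group
            LocalAddress     = $LocalAddress
            RemoteAddress    = 'Any'
            Protocol         = $proto
            LocalPort        = $LocalPort
            RemotePort       = 'Any'
            InboundSecurity  = 'None'    # "Do not authenticate"
            OutboundSecurity = 'None'    # "Do not authenticate"
        }
        New-NetIPsecRule @rule
    }
}

# Each call belongs on the machine holding that role; keep only the one that applies.

# Mediation Server: covers the "Mediation Server Inbound" and "Outbound" rows.
New-MediaIPsecExemption -RuleName 'Mediation Server' -LocalAddress '192.0.2.20' -Protocols UDP, TCP

# Application Sharing Server: TCP only, per the table.
New-MediaIPsecExemption -RuleName 'Application Sharing Servers' -LocalAddress '192.0.2.30' -Protocols TCP

# Clients: UDP only, source port limited to the specified media port range.
New-MediaIPsecExemption -RuleName 'Clients' -LocalAddress Any -Protocols UDP -LocalPort '40000-40099'

# Review what was created and confirm both directions are set to None.
Get-NetIPsecRule -Group $group |
    Select-Object DisplayName, Enabled, InboundSecurity, OutboundSecurity
```

Because the server rows use Any for both ports, scoping `-LocalAddress` to the role's own address is the only thing that limits each exemption, so avoid `Any` there except for the Clients row.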