- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It appears that the wi-fi calling feature that has finally rolled out for iPhones with iOS 9.3 will require some firewall changes for corporate firewalls.
It looks like the feature establishes a per app vpn for the calling feature. IPsec and ike protocols appear to be in use.
I'm hoping to find documentation from Verizon on what ports and addresses to enabled for this feature.
Can anyone point me in the right direction?
Solved! Go to Correct Answer
Correct answers
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you seen this Cisco document fo getting wifi calling working? IPSec using UDP ports 500 and 4500.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you seen this Cisco document fo getting wifi calling working? IPSec using UDP ports 500 and 4500.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Weth, thanks for the document, I had not seen it yet.
I see the line that states: "IPsec: The enterprise firewall policy needs to enable User Datagram Protocol (UDP) ports 500 and 4500 for IPsec to work properly."
I'm looking for a specific range of destination IP addresses to allow for the outbound rule. Just allowing the ports outbound without a specific destination won't work for use. We need to keep our outbound traffic limited to specific destinations.
Thanks,
-Jon
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Got it. Same reason I can't get it turned on in our hospital. Sure would be great for the far reaches of the basement with X-ray blocking walls near the radiology suite! Unless someone chimes in at a level of Verizon network technical knowledge that I have not seen in this forum, you'll need to get by the first 2 layers of CS so a third level can put in a request for a technical contact.
Did you see where it is connecting to from a less controlled network, I.e. Home?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
agreed. Not going to hold my breath.
I called CS today and they told me to call Apple Care Support number because CS had not been briefed on 9.3 calling feature yet, and since it's an Apple device, I needed to call Apple.
I think I'm going to try our business rep.
I also sent a tweet to @VZWSupport to see if they had any info, nothing yet. trying multiple channels to see if I can get a quick resolution.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Still haven't found any official documentation yet but I did some sleuthing and found the following needs to be enabled.
As @Weth noted, the Cisco document recommends the following ports need to be allowed outbound
udp/4500
udp 500
Only 2 Verizon IP addresses appear in the destination list, but not sure if they are regional.
141.207.225.232 - 232.sub-141-207-225.myvzw.com (Appears to be West coast)
141.207.227.232 - 232.sub-141-207-227.myvzw.com (Appears to be East coast)
We've enabled outbound traffic to these addresses on these ports and it works.
YMMV
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This continues to work successfully for us. Still nothing back from Verizon support.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
studerje1, We always want your concerns to be addressed and solved properly. This is a community forum and we provide the community the initial opportunity to answer here. We do see here that @Weth was able to provide you with a great solution to your concern. Is everything working currently? Do you have any other concerns?
JoelR_VZW
Follow us on Twitter @VZWSupport
If my response answered your question please click the �Correct Answer� button under my response. This ensures others can benefit from our conversation. Thanks in advance for your help with this!!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
as you can see by my initial response to his post.
I acknowledged that it was helpful, but was only half of the answer I'm seeking.
"I'm looking for a specific range of destination IP addresses to allow for the outbound rule. Just allowing the ports outbound without a specific destination won't work for us. We need to keep our outbound traffic limited to specific destinations."
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For what it's worth, I detected a connection to IP 141.207.175.232 when making a WiFi call in Ohio. Hopefully Verizon can chime in with an official, complete list of IPs.