what ports need to be connected for Cisco 2811 on network

peter_lawrie used Ask the Experts™
I've asked this question twice already without being able to resolve it

I have been trying to connect a 7940 at a remote user behind a Draytek 2820 adsl router to a cisco 2811 switch. which is also behind a Draytek 2820
First of all I amended the configurion of the 2811 on local site and connected the new 7940 handset - works
Then I connected it to a second adsl router on site (effectively a remote site with its own IP)
(That is not the ultimate intention but at least I can test without having to travel!)
The 7940 loops between 'configuring CMList and looking for TFTP server. I reset it to defaults in accordance with instructions I found when googling but got stuck at 'configure SIP settings' The TFTP setting on the 7940 is the external IP of the local site with the 2811. I suspect it does not get past the Draytek, but I don't know what port it requires.

What does a remote 7940 need in order to connect to a local 2811
What ports need to be opened in the firewall (Draytek 2820 on both remote and local network)
What changes are needed on the cisco 2811 to allow this.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
because your are using SIP so you have to open port 5060 and forward it to CISCO 2811 router which is work as CME.
if you have SCCP to connect the phone to the CME so forward port 2000 to CISCO 2811 router.
no need to configure anything on CISCO 2811 your configuration should be done on Draytek 2820.

what 2811 IOS (CME) version are you using, what 7940 phone firmware are you using?

IIn general, if you have phones working locally on a base install of CME, you should not need to configure anything on the 2800 to allow remote phones to register.  However... make sure your basic network connectivity are working on the 2811 -- i.e. ensure you have a default gateway set and no ACLs restricting what IP addresses can connect.

Normally, this type of setup should really not be used (for a multitude of reasons), but if you REALLY want to setup a remote phone over the Internet with port forwarding on and ADSL router...  you will need to setup port forwarding on the Draytek for: TFTP, SCCP, MGCP, H323 and SIP.

Be forwarned, this is dangerous setup at best.  Highly recommend you build a basic IPSEC tunnel VPN link between the two sites, then connect the remote phone to the Internal 2811 IP address.

Hope this helps.


Sorry for the delay. I'm taking a few days off.
I still can't make it work. I have opened port 5060 and 2000 with no change. So I opened the ports for the other protocols as well. The adsl router has been changed, I introduced the draytek when the old cicso forewall router died. It had an IP of, whereas I made the draytek, so I changed that in the 2811 config and changed the address of the DNS server too, but still no cussess. There are some other settings in the config that I really don't understand so I'm reluctant to fiddle with them. I'll be looking at it again next week.  
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

i have linksys and i did the same but it did not work, then i enable remote access on my linksys the it worked fine.
are the phones using DHCP for tftp address or are they manually set in the phone?  you may need to change your OPTION 150 setting in DHCP on the remote side if using DHCP-issued TFTP/Callmanager address type of setup.


still not working - just close the question

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial