The call router service uses SIP over TCP or a mutual Transport Layer Security (TLS) in order to communicate with Mailbox servers that run the Unified Messaging service. To avoid port conflicts, the call router service and the Unified Messaging service listen on different TCP ports. They are able to accept both secured and unsecured connections, subject to mutual TLS being used with RTP and SIP traffic or not.

By default, CASs listen for SIP requests on the TCP ports 5060 (unsecured) and 5061 (secured using mutual TLS). Both these ports are easily configurable through the Set-UMCallRouterSettings cmdlet. As the call router does not handle media traffic, only TCP ports are used instead of UDP.

By default, the Unified Messaging service on Mailbox servers listens for SIP requests on TCP ports 5062 (unsecured) and 5063 (secured using mutual TLS). These ports cannot be changed.

The following table lists the ports and protocols used in Exchange 2013: