Cisco Cisco Expressway
You must enter the FQDN of the Expressway-E, as it is seen from outside the network, as the peer
address on the Expressway-C's secure traversal zone. The reason for this is that in static NAT mode, the
Expressway-E requests that incoming signaling and media traffic should be sent to its external FQDN,
rather than its private name.
This also means that the external firewall must allow traffic from the Expressway-C to the
Expressway-E's external FQDN. This is known as NAT reflection, and may not be supported by
all types of firewalls.
See the Advanced network deployments appendix, in the
address on the Expressway-C's secure traversal zone. The reason for this is that in static NAT mode, the
Expressway-E requests that incoming signaling and media traffic should be sent to its external FQDN,
rather than its private name.
This also means that the external firewall must allow traffic from the Expressway-C to the
Expressway-E's external FQDN. This is known as NAT reflection, and may not be supported by
all types of firewalls.
See the Advanced network deployments appendix, in the
Unified CM
1. If you have multiple Unified CM clusters, ILS (Intercluster Lookup Service) must be set up on all of the
clusters. This is because the Expressway has to authenticate a client against its home Unified CM
cluster, and to discover the home cluster it sends a UDS (User Data Service) query to any one of the
Unified CM nodes. See
cluster, and to discover the home cluster it sends a UDS (User Data Service) query to any one of the
Unified CM nodes. See
2. Ensure that the Maximum Session Bit Rate for Video Calls between and within regions (
System
> Region Information > Region
) is set to a suitable upper limit for your system, for example 6000 kbps.
for more information.
3. The Phone Security Profiles in Unified CM (
System > Security > Phone Security Profile
) that are
configured for TLS and are used for devices requiring remote access must have a Name in the form of an
FQDN that includes the enterprise domain, for example jabber.secure.example.com. (This is because
those names must be present in the list of Subject Alternate Names in the Expressway-C's server
certificate.) Also ensure that the SIP phone port is set to 5061.
FQDN that includes the enterprise domain, for example jabber.secure.example.com. (This is because
those names must be present in the list of Subject Alternate Names in the Expressway-C's server
certificate.) Also ensure that the SIP phone port is set to 5061.
Unified Communications: Mobile and Remote Access via Cisco Expressway Deployment Guide (X8.1.1)
Page 11 of 36
Configuration overview