Cisco Cisco Expressway Wartungshandbuch
Field
Description
Usage tips
TLS verify
mode and
subject name
mode and
subject name
Controls X.509 certificate checking and mutual
authentication between this Expressway and the
traversal client.
authentication between this Expressway and the
traversal client.
If TLS verify mode is enabled, a TLS verify subject
name must be specified. This is the certificate
holder's name to look for in the traversal client's
X.509 certificate.
name must be specified. This is the certificate
holder's name to look for in the traversal client's
X.509 certificate.
If the traversal client is clustered, the
TLS verify subject name must be the
FQDN of the cluster.
TLS verify subject name must be the
FQDN of the cluster.
information.
Media
encryption
mode
encryption
mode
Controls the media encryption policy applied by the
Expressway for SIP calls (including interworked calls)
to and from this zone.
Expressway for SIP calls (including interworked calls)
to and from this zone.
ICE support
Controls whether ICE messages are supported by
the devices in this zone.
the devices in this zone.
This is typically required in Jabber
Guest deployments. See
Guest deployments. See
information.
Poison mode
Determines if SIP requests sent to systems located via
this zone are "poisoned" such that if they are received
by this Expressway again they will be rejected.
this zone are "poisoned" such that if they are received
by this Expressway again they will be rejected.
Authentication
section:
Authentication
policy
policy
Controls how the Expressway authenticates incoming
messages from this zone and whether they are
subsequently treated as authenticated,
unauthenticated, or are rejected. The behavior varies
for H.323 messages, SIP messages that originate
from a local domain and SIP messages that originate
from non-local domains.
messages from this zone and whether they are
subsequently treated as authenticated,
unauthenticated, or are rejected. The behavior varies
for H.323 messages, SIP messages that originate
from a local domain and SIP messages that originate
from non-local domains.
UDP / TCP probes
section:
UDP retry
interval
interval
The frequency (in seconds) with which the client
sends a UDP probe to the Expressway-E if a keep
alive confirmation has not been received.
sends a UDP probe to the Expressway-E if a keep
alive confirmation has not been received.
The default UDP and TCP probe retry
intervals are suitable for most situations.
However, if you experience problems
with NAT bindings timing out, they may
need to be changed.
intervals are suitable for most situations.
However, if you experience problems
with NAT bindings timing out, they may
need to be changed.
UDP retry
count
count
The number of times the client attempts to send a
UDP probe to the Expressway-E during call setup.
UDP probe to the Expressway-E during call setup.
UDP keep
alive interval
alive interval
The interval (in seconds) with which the client sends a
UDP probe to the Expressway-E after a call is
established, in order to keep the firewall’s NAT
bindings open.
UDP probe to the Expressway-E after a call is
established, in order to keep the firewall’s NAT
bindings open.
TCP retry
interval
interval
The interval (in seconds) with which the traversal
client sends a TCP probe to the Expressway-E if a
keep alive confirmation has not been received.
client sends a TCP probe to the Expressway-E if a
keep alive confirmation has not been received.
TCP retry
count
count
The number of times the client attempts to send a TCP
probe to the Expressway-E during call setup.
probe to the Expressway-E during call setup.
TCP keep
alive interval
alive interval
The interval (in seconds) with which the traversal
client sends a TCP probe to the Expressway-E when
a call is in place, in order to maintain the firewall’s
NAT bindings.
client sends a TCP probe to the Expressway-E when
a call is in place, in order to maintain the firewall’s
NAT bindings.
Cisco Expressway Administrator Guide (X8.1)
Page 88 of 344
Zones and neighbors
Configuring zones