Cisco Expressway Maintenance Manual
3. Configure the fields as follows (leave all other fields with default values):

| Field | Expressway-C | Expressway-E |
|---|---|---|
| Name | "Traversal zone" for example | "Traversal zone" for example |
| Type | Unified Communications traversal | Unified Communications traversal |
| Connection credentials section | | |
| Username | "exampleauth" for example | "exampleauth" for example |
| Password | "ex4mpl3.c0m" for example | Click Add/Edit local authentication database, then in the popup dialog click New and enter the Name ("exampleauth") and Password ("ex4mpl3.c0m") and click Create credential. |
| SIP section | | |
| Port | 7001 | 7001 |
| TLS verify subject name | Not applicable | Enter the name to look for in the traversal client's certificate (must be in either the Subject Common Name or the Subject Alternative Name attributes). If there is a cluster of traversal clients, specify the cluster name here and ensure that it is included in each client's certificate. |
| Location section | | |
| Peer 1 address | Enter the FQDN of the Expressway-E. Note that if you use an IP address (not recommended), that address must be present in the Expressway-E server certificate. | Not applicable |
| Peer 2...6 address | Enter the FQDNs of additional peers if it is a cluster of Expressway-Es. | Not applicable |

4. Click Create zone.
Server Certificate Requirements for Unified Communications
Cisco Unified Communications Manager Certificates
The two Cisco Unified Communications Manager certificates that are significant for Mobile and Remote Access are the CallManager certificate and the tomcat certificate. These are automatically installed on the Cisco Unified Communications Manager and by default they are self-signed and have the same common name (CN).

We recommend using externally-signed certificates for best end-to-end security between external endpoints and internal endpoints. However, if you do use self-signed certificates, the two certificates must have different common names. This is because the Expressway does not allow two self-signed certificates with the same CN. If the CallManager and tomcat self-signed certs have the same CN in the Expressway's trusted CA list, then it can only trust one of them. This means that either secure HTTP or secure SIP, between Expressway-C and Cisco Unified Communications Manager, will fail.
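The two certificate rules on this page (the TLS verify subject name must appear in the CN or SAN of every traversal client certificate, and self-signed CallManager and tomcat certificates need different CNs) can be checked before the zone is created. The following is an added example, not Cisco code: it assumes certificates already decoded into the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`, treats subject equal to issuer as self-signed, compares names case-insensitively, and uses constructed host names.

```python
# Added example: cert dicts follow the layout of ssl.SSLSocket.getpeercert().
from collections import defaultdict

def _names(cert, field):
    """Flatten the RDN tuples of 'subject' or 'issuer' into {attribute: value}."""
    return {k: v for rdn in cert.get(field, ()) for k, v in rdn}

def common_name(cert):
    return _names(cert, "subject").get("commonName", "")

def is_self_signed(cert):
    # Heuristic (assumption): subject equals issuer. A full check verifies the signature.
    return cert.get("subject") == cert.get("issuer")

def duplicate_self_signed_cns(trust_list):
    """Return {cn: [labels]} for self-signed certs in the trust list that share a CN."""
    by_cn = defaultdict(list)
    for label, cert in trust_list.items():
        if is_self_signed(cert):
            by_cn[common_name(cert).lower()].append(label)
    return {cn: sorted(labels) for cn, labels in by_cn.items() if len(labels) > 1}

def peers_missing_name(verify_name, client_certs):
    """Return labels of traversal client certs lacking verify_name in both CN and SAN."""
    want = verify_name.lower()
    def has(cert):
        sans = {v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"}
        return want in sans | {common_name(cert).lower()}
    return sorted(label for label, cert in client_certs.items() if not has(cert))

def _cert(cn, issuer_cn=None, sans=()):
    """Build a constructed sample cert dict (not real certificate data)."""
    subject = ((("commonName", cn),),)
    issuer = ((("commonName", issuer_cn or cn),),)
    return {"subject": subject, "issuer": issuer,
            "subjectAltName": tuple(("DNS", s) for s in sans)}

# Constructed sample data; every host name below is hypothetical.
TRUST_LIST = {
    "CallManager": _cert("cucm1.example.com"),
    "tomcat": _cert("cucm1.example.com"),  # same CN as CallManager: the failing case
    "corp-ca": _cert("Example Root CA"),
}
CLIENT_CERTS = {
    "expc1": _cert("expc1.example.com", "Example Root CA", ["expc-cluster.example.com"]),
    "expc2": _cert("expc2.example.com", "Example Root CA"),  # cluster name missing
}

if __name__ == "__main__":
    print("Self-signed CN collisions:", duplicate_self_signed_cns(TRUST_LIST))
    print("Peers missing cluster name:", peers_missing_name("expc-cluster.example.com", CLIENT_CERTS))
```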
Cisco Expressway Administrator Guide