Cisco Cisco Expressway
3.
Configure the fields as follows (leave all other fields with default values):
Expressway-C
Expressway-E
Name
"Traversal zone" for example
"Traversal zone" for example
Type
Unified Communications
traversal
traversal
Unified Communications traversal
Connection credentials section
Username
"exampleauth" for example
"exampleauth" for example
Password
"ex4mpl3.c0m" for example
Click Add/Edit local authentication database,
then in the popup dialog click New and enter
the Name ("exampleauth") and Password
("ex4mpl3.c0m") and click Create credential.
then in the popup dialog click New and enter
the Name ("exampleauth") and Password
("ex4mpl3.c0m") and click Create credential.
SIP section
Port
7001
7001
TLS verify subject name
Not applicable
Enter the name to look for in the traversal
client's certificate (must be in either the
Subject Common Name or the Subject
Alternative Name attributes). If there is a
cluster of traversal clients, specify the cluster
name here and ensure that it is included in
each client's certificate.
client's certificate (must be in either the
Subject Common Name or the Subject
Alternative Name attributes). If there is a
cluster of traversal clients, specify the cluster
name here and ensure that it is included in
each client's certificate.
Authentication section
Authentication policy
Do not check credentials
Do not check credentials
Location section
Peer 1 address
Enter the FQDN of the
Expressway-E.
Expressway-E.
Note that if you use an IP
address (not recommended),
that address must be present
in the Expressway-E server
certificate.
address (not recommended),
that address must be present
in the Expressway-E server
certificate.
Not applicable
Peer 2...6 address
Enter the FQDNs of additional
peers if it is a cluster of
Expressway-Es.
peers if it is a cluster of
Expressway-Es.
Not applicable
4.
Click Create zone.
Server Certificate Requirements for Unified Communications
Cisco Unified Communications Manager Certificates
The two Cisco Unified Communications Manager certificates that are significant for Mobile and Remote Access are
the CallManager certificate and the tomcat certificate. These are automatically installed on the Cisco Unified
Communications Manager and by default they are self-signed and have the same common name (CN).
the CallManager certificate and the tomcat certificate. These are automatically installed on the Cisco Unified
Communications Manager and by default they are self-signed and have the same common name (CN).
We recommend using CA-signed certificates for best end-to-end security between external endpoints and internal
endpoints. However, if you do use self-signed certificates, the two certificates must have different common names.
This is because the Expressway does not allow two self-signed certificates with the same CN. If the CallManager and
endpoints. However, if you do use self-signed certificates, the two certificates must have different common names.
This is because the Expressway does not allow two self-signed certificates with the same CN. If the CallManager and
20
Mobile and Remote Access Through Cisco Expressway Deployment Guide
Unified Communications Prerequisites