Cisco Cisco Expressway
Updating the Expressway Neighbor Zone to Unified CM to
Use TLS
Use TLS
Note that Expressway will report that the Unified CM zone is active even while it is communicating with
Unified CM over TCP. The changes below are necessary to enable communications over TLS.
Unified CM over TCP. The changes below are necessary to enable communications over TLS.
On Expressway:
1. Go to
Configuration > Zones > Zones
, then select the zone to Unified CM.
2. Configure the following fields:
SIP
section
Port
5061
Transport
TLS
TLS verify mode
On
Authentication trust mode
Off
Leave other parameters as previously configured.
3. Click Save.
Verifying That the TLS Connection is Operational
To verify correct TLS operation, check that the Expressway zone reports its status as active and then make
some test calls.
some test calls.
1. Check the Expressway zone is active:
a. Go to
Configuration > Zones > Zones
.
b. Check the SIP status of the zone.
If the zone is not active, try resetting or restarting the trunk again on Unified CM.
2. Make a test call from a system routed through an Expressway to a Unified CM phone.
3. Make a test call from a Unified CM phone to a system routed through an Expressway.
Encrypted Calls to Endpoints Registered to Unified CM
Endpoints registered to Unified CM need to be configured with a “SIP Secure profile” to provide encrypted
media and call negotiation. If such a profile is not available by default, it will need to be created via
media and call negotiation. If such a profile is not available by default, it will need to be created via
System >
Security > Phone Security
.
for further information on using the Cisco CTL Client and
configuring Unified CM for secure communications.
Cisco Unified Communications Manager with Cisco Expressway (SIP Trunk) Deployment Guide (X8.6)
Page 25 of 37
Connecting Expressway to Unified CM Using TLS