Cisco Expressway
"Lync gateway" Expressway: Load CA certificate and server certificate (if using TLS to Lync)
Obtain and load the CA certificate, server certificate and private key onto the Expressway. Note that for mutual TLS authentication the server certificate must be capable of being used as a client certificate as well.
A certificate must be created for each "Lync gateway" Expressway; the certificate must specify:
- Subject Name: the Expressway peer’s FQDN, e.g. exp01.ciscotp.com
and if it is part of a cluster:
- Subject Alternate Name: a comma separated list of the Expressway cluster’s FQDN and the Expressway peer’s routable FQDN, e.g. lyncexp.ciscotp.com, exp01.ciscotp.com
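As an added example (not part of the Cisco guide), the following Python check reads the text printed by `openssl x509 -noout -text -in cert.pem` and reports which of the requirements above a certificate misses before it is loaded. The function names, the file name cert.pem and the sample text are constructed for illustration; treating an absent Extended Key Usage extension as unrestricted is an assumption based on RFC 5280.

```python
import re

# Constructed sample: trimmed `openssl x509 -noout -text` output for a clustered peer.
SAMPLE_TEXT = """\
Certificate:
    Data:
        Subject: O = Example, CN = exp01.ciscotp.com
        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Subject Alternative Name:
                DNS:lyncexp.ciscotp.com, DNS:exp01.ciscotp.com
"""

def _ext_value(text, ext_name):
    """Return the value line that follows an 'X509v3 <name>:' header, or None."""
    m = re.search(r"X509v3 " + re.escape(ext_name) + r":[^\n]*\n\s*([^\n]+)", text)
    return m.group(1).strip() if m else None

def check_lync_gateway_cert(text, peer_fqdn, cluster_fqdn=None):
    """Return a list of problems; an empty list means the certificate matches the guide."""
    problems = []
    subject = re.search(r"^\s*Subject:\s*(.+)$", text, re.M)
    cn = re.search(r"\bCN\s*=\s*([^,/\n]+)", subject.group(1)) if subject else None
    if not cn or cn.group(1).strip().lower() != peer_fqdn.lower():
        problems.append("Subject CN is not the peer FQDN " + peer_fqdn)
    if cluster_fqdn:  # SAN is only required for cluster members
        san = _ext_value(text, "Subject Alternative Name") or ""
        names = {n.strip()[4:].lower() for n in san.split(",") if n.strip().startswith("DNS:")}
        for required in (cluster_fqdn, peer_fqdn):
            if required.lower() not in names:
                problems.append("SAN is missing " + required)
    eku = _ext_value(text, "Extended Key Usage")
    if eku is not None:  # assumption: absent EKU = no purpose restriction (RFC 5280)
        for purpose in ("TLS Web Server Authentication", "TLS Web Client Authentication"):
            if purpose not in eku:
                problems.append("EKU lacks " + purpose)
    return problems

if __name__ == "__main__":
    for p in check_lync_gateway_cert(SAMPLE_TEXT, "exp01.ciscotp.com", "lyncexp.ciscotp.com"):
        print("FAIL:", p)
```

The constructed sample fails on purpose: it is a server-only certificate, which cannot act as the client side of mutual TLS.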
You may also want to set up the SIP trunk between Expressway and Unified CM to use TLS. We recommend that you set up a working TCP trunk first and then convert it to TLS. Full instructions for doing this and for managing certificates on Expressway and Unified CM are in section .
"Lync gateway" Expressway: Configure DNS and local hostname
Configure the DNS server details
The "Lync gateway" Expressway(s) should be configured to use the same DNS server(s) as Lync Server.
On a machine running Lync Server:
1. From the Windows Start menu choose Run.
2. Type cmd into the Open field and click OK. A command window opens.
3. In the cmd.exe window type:
ipconfig /all
4. Note down the DNS server(s).
Note: a DNS server IP address of 127.0.0.1 means that Lync Server is using a DNS server on its own hardware. On the Expressway, enter the IP address of the Lync Server platform instead of 127.0.0.1.
On each "Lync gateway" Expressway peer:
1. Go to System > DNS.
2. If the DNS server that Lync Server uses can provide all DNS lookups needed by Expressway:
   a. Set Default DNS Server Address 1 to the IP address of the DNS server noted earlier.
   b. If Lync Server has more than one DNS server defined, configure the additional default DNS server fields (Address 2, Address 3 and so on) with the IP addresses of the additional servers.
3. If the Expressway must use other DNS servers for normal calls and only the Lync DNS server for Lync access:
   Configure the Default DNS servers with the servers which will be used for normal, non-Lync related DNS operation and configure the Per-domain DNS servers section as follows:
   Address 1: IP address of the DNS server used by Lync Server
Microsoft Lync and Cisco Expressway Deployment Guide (X8.5)
Enabling endpoints registered on the video network to call clients registered on Lync