Cisco Expressway
Automatically Generated Zones and Search Rules
Expressway-C automatically generates non-configurable neighbor zones between itself and each discovered
Unified CM node. A TCP zone is always created, and a TLS zone is created also if the Unified CM node is
configured with a Cluster Security Mode (System > Enterprise Parameters > Security Parameters) of 1
(Mixed) (so that it can support devices provisioned with secure profiles). The TLS zone is configured with its
TLS verify mode set to On if the Unified CM discovery had TLS verify mode enabled. This means that the
Expressway-C will verify the CallManager certificate for subsequent SIP communications. Each zone is
created with a name in the format 'CEtcp-<node name>' or 'CEtls-<node name>'.
A non-configurable search rule, following the same naming convention, is also created automatically for each
zone. The rules are created with a priority of 45. If the Unified CM node that is targeted by the search rule has
a long name, the search rule will use a regex for its address pattern match.
Note that load balancing is managed by Unified CM when it passes routing information back to the registering
endpoints.
Why Should I Refresh the Discovered Nodes?
When the Expressway-C "discovers" a Unified Communications node, it establishes a connection to read
the information required to create zones and search rules to proxy requests originating from outside of the
network in towards that node.
This configuration information is static. That is, the Expressway only reads it when you manually initiate
discovery of a new node, or when you refresh the configuration of previously discovered nodes. If any related
configuration has changed on a node after you discover it, the mismatch between the new configuration and
what the Expressway-C knows of that node will probably cause some kind of failure.
The information that the Expressway-C reads from the Unified Communications node is different for each
node type and its role. The following list contains examples of UC configuration that you can expect to
require a refresh from the Expressway. The list is not exhaustive; if you suspect that a configuration change
on a node is affecting MRA services, you should refresh those nodes to eliminate one known source of
potential problems.
- Changing cluster (e.g. adding or removing a node)
- Changing security parameters (e.g. Enabling Mixed Mode)
- Changing connection sockets (e.g. SIP port configuration)
- Changing TFTP server configuration
- Upgrading the software on the node
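The zone rules described earlier and the refresh guidance in this section can be checked together. The following is an added example, not part of the Cisco guide or any Cisco tool: it derives the zone names Expressway-C should hold from the current Unified CM state and compares them with a zone listing, flagging drift that a refresh would fix. The node names, the input dictionaries and the zone listing format are constructed assumptions; how the listing is obtained from Expressway-C is not covered.

```python
# Added example: all node names and the zone listing format are constructed.
MIXED_MODE = 1          # Cluster Security Mode value the page labels "Mixed"
PREFIXES = ("CEtcp-", "CEtls-")

def expected_zones(nodes):
    """Zone names Expressway-C should hold for the current Unified CM state.

    nodes maps node name -> Cluster Security Mode configured on Unified CM now.
    """
    names = set()
    for node, mode in nodes.items():
        names.add(f"CEtcp-{node}")            # a TCP zone is always created
        if mode == MIXED_MODE:
            names.add(f"CEtls-{node}")        # TLS zone only in Mixed mode
    return names

def audit(nodes, observed):
    """Compare expected zones with those observed on Expressway-C.

    observed maps zone name -> TLS verify mode ("On"/"Off", None for TCP).
    Returns a sorted list of (zone name, finding) tuples.
    """
    want = expected_zones(nodes)
    auto = {z for z in observed if z.startswith(PREFIXES)}  # skip manual zones
    findings = [(z, "missing: refresh discovered nodes") for z in want - auto]
    findings += [(z, "stale: refresh discovered nodes") for z in auto - want]
    findings += [(z, "TLS verify not On: CallManager certificate not verified")
                 for z in auto & want
                 if z.startswith("CEtls-") and observed[z] != "On"]
    return sorted(findings)

# Constructed sample: cucm-sub1 moved to Mixed mode and cucm-sub2 was added
# after the last discovery; cucm-old was removed from the cluster.
NODES = {"cucm-pub": 1, "cucm-sub1": 1, "cucm-sub2": 0}
OBSERVED = {
    "CEtcp-cucm-pub": None, "CEtls-cucm-pub": "Off",
    "CEtcp-cucm-sub1": None,
    "CEtcp-cucm-old": None,
    "TraversalZone": None,   # manually configured zone, ignored by the audit
}

if __name__ == "__main__":
    for zone, finding in audit(NODES, OBSERVED):
        print(f"{zone}: {finding}")
```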
Configuring the HTTP Server Allow List (Whitelist) on Expressway-C
Jabber client endpoints may need to access additional web services inside the enterprise. This requires an
"allow list" of servers to be configured to which the Expressway will grant access for HTTP traffic originating
from outside the enterprise.
The features and services that may be required, and would need whitelisting, include:
- Visual Voicemail
- Jabber Update Server
Unified Communications Mobile and Remote Access via Cisco Expressway Deployment Guide (X8.6)
Configuring Mobile and Remote Access on Expressway