Cisco Expressway
3. The Phone Security Profiles in Unified CM (System > Security > Phone Security Profile) that are configured
for TLS and are used for devices requiring remote access must have a Name in the form of an FQDN that
includes the enterprise domain, for example jabber.secure.example.com. (This is because those names must
be present in the list of Subject Alternate Names in the Expressway-C's server certificate.)
Note: Your secure profiles must set Device Security Mode to Encrypted because the Expressway does not
allow unencrypted TLS connections. When Device Security Mode is set to Authenticated, Unified CM only
offers the NULL-SHA cipher suite, which the Expressway rejects.
4. If Unified CM servers (System > Server) are configured by Host Name (rather than IP address), then ensure
that those host names are resolvable by the Expressway-C.
5. If you are using secure profiles, ensure that the root CA of the authority that signed the Expressway-C
certificate is installed as a CallManager-trust certificate (Security > Certificate Management in the Cisco
Unified OS Administration application).
6. Ensure that the Cisco AXL Web Service is active on the Unified CM publishers you will be using to discover
the Unified CM servers that are to be used for remote access. To check this, select the Cisco Unified
Serviceability application and go to Tools > Service Activation.
7. We recommend that remote and mobile devices are configured (either directly or by Device Mobility) to use
publicly accessible NTP servers.
a. Configure a public NTP server (System > Phone NTP Reference).
b. Add the Phone NTP Reference to a Date/Time Group (System > Date/Time Group).
c. Assign the Date/Time Group to the Device Pool of the endpoint (System > Device Pool).
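The requirements in step 3 and its Note can be checked offline before devices are pointed at the Expressway. The following Python audit is an added example, not part of the Cisco guide: it compares TLS phone security profiles against the Subject Alternate Names of the Expressway-C server certificate and flags any profile whose Device Security Mode is not Encrypted. It assumes the SAN list is text printed by `openssl x509 -noout -ext subjectAltName`, that names are matched exactly (case-insensitively), and that the profile records use a hypothetical dictionary layout; all sample data is constructed.

```python
import re

# Constructed sample: text as printed by
#   openssl x509 -in <expressway-c-cert.pem> -noout -ext subjectAltName
SAMPLE_SAN_TEXT = """X509v3 Subject Alternative Name:
    DNS:expc.example.com, DNS:jabber.secure.example.com, DNS:example.com
"""

# Constructed sample profiles; the dictionary keys are a hypothetical layout.
SAMPLE_PROFILES = [
    {"name": "jabber.secure.example.com", "transport": "TLS", "mode": "Encrypted"},
    {"name": "Jabber-Secure", "transport": "TLS", "mode": "Encrypted"},
    {"name": "desk.secure.example.com", "transport": "TLS", "mode": "Authenticated"},
    {"name": "Standard SIP Non-Secure", "transport": "TCP", "mode": "Non Secure"},
]

FQDN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def san_dns_names(openssl_text):
    """Return the lower-cased DNS entries from openssl's subjectAltName output."""
    return {m.lower() for m in re.findall(r"DNS:([^,\s]+)", openssl_text)}

def audit_profiles(profiles, san_text, enterprise_domain):
    """Return {profile name: [problems]} for profiles configured for TLS."""
    sans = san_dns_names(san_text)
    domain = enterprise_domain.lower()
    findings = {}
    for p in profiles:
        if p["transport"] != "TLS":
            continue  # the naming rule applies only to TLS profiles
        name = p["name"].lower()
        problems = []
        if not FQDN_RE.match(name):
            problems.append("name is not an FQDN")
        elif not name.endswith("." + domain):
            problems.append("name does not include the enterprise domain")
        if name not in sans:
            problems.append("name missing from Expressway-C certificate SANs")
        if p["mode"] != "Encrypted":
            problems.append("Device Security Mode is not Encrypted")
        if problems:
            findings[p["name"]] = problems
    return findings

if __name__ == "__main__":
    for name, problems in audit_profiles(SAMPLE_PROFILES, SAMPLE_SAN_TEXT, "example.com").items():
        print(name, "->", "; ".join(problems))
```

A profile that passes every check does not appear in the result, so an empty dictionary means all TLS profiles satisfy step 3 and the Note.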
IM and Presence Service
Ensure that the Cisco AXL Web Service is active on the IM and Presence Service publishers that will discover other
IM and Presence Service nodes for remote access. To check this, select the Cisco Unified Serviceability application
and go to Tools > Service Activation.
Mobile and Remote Access Through Cisco Expressway Deployment Guide
Configuration Overview