Cisco Cisco Expressway Maintenance Manual
Configuring Delegated Credential Checking (Expressway-E Only)
If you have enabled delegated credential checking (Configuration > Protocols > SIP), you need to specify the
traversal zone to use when delegating credential checks for SIP messages for this domain. This only applies to the
SIP domains for which Expressway is acting as the service provider and SIP registrar.
traversal zone to use when delegating credential checks for SIP messages for this domain. This only applies to the
SIP domains for which Expressway is acting as the service provider and SIP registrar.
You can specify a different zone for each SIP domain, if required.
Choose Do not delegate if you want to continue to use this Expressway-E to perform the credential checking.
Testing the credential checking service
To verify whether the Expressway to which credential checking has been delegated is able to receive messages and
perform the relevant authentication checks:
perform the relevant authentication checks:
1.
Go to Configuration > Domains.
2.
Select the relevant domains.
3.
Click Test credential checking service.
The system displays a Results section and reports whether the receiving Expressway can be reached over the
traversal zone and, additionally, if it is able to perform credential checking for both NTLM and SIP digest type
challenges.
traversal zone and, additionally, if it is able to perform credential checking for both NTLM and SIP digest type
challenges.
If you are not using NTLM authentication in your video network, and thus the receiving Expressway is not
configured with a connection to an Active Directory Service, then the NTLM check will be expected to fail.
configured with a connection to an Active Directory Service, then the NTLM check will be expected to fail.
Configuring SIP and H.323 Interworking
The Interworking page (Configuration > Protocols > Interworking) lets you configure whether or not the Expressway
acts as a gateway between SIP and H.323 calls. The translation of calls from one protocol to the other is known as
“interworking”.
acts as a gateway between SIP and H.323 calls. The translation of calls from one protocol to the other is known as
“interworking”.
By default, the Expressway acts as a SIP–H.323 and H.323–SIP gateway but only if one of the endpoints that are
involved in the call is locally registered. You can change this setting so that the Expressway acts as a SIP–H.323
gateway regardless of whether the endpoints involved are locally registered. You also have the option to disable
interworking completely.
involved in the call is locally registered. You can change this setting so that the Expressway acts as a SIP–H.323
gateway regardless of whether the endpoints involved are locally registered. You also have the option to disable
interworking completely.
The options for the H.323 <-> SIP interworking mode are:
■
Off: the Expressway does not act as a SIP–H.323 gateway.
■
Registered only: the Expressway acts as a SIP–H.323 gateway but only if one of the endpoints is locally
registered.
registered.
■
On: the Expressway acts as a SIP–H.323 gateway regardless of whether the endpoints are locally registered.
We recommend that you leave this setting as Registered only. Unless your network is correctly configured, setting it
to On (where all calls can be interworked) may result in unnecessary interworking, for example where a call between
two H.323 endpoints is made over SIP, or vice versa.
to On (where all calls can be interworked) may result in unnecessary interworking, for example where a call between
two H.323 endpoints is made over SIP, or vice versa.
Calls for which the Expressway acts as a SIP to H.323 gateway are RMS calls. The Expressway always takes the
media for SIP–H.323 interworked calls so that it can independently negotiate payload types on the SIP and H.323
sides and Expressway will re-write these as the media passes.
media for SIP–H.323 interworked calls so that it can independently negotiate payload types on the SIP and H.323
sides and Expressway will re-write these as the media passes.
Also in a SIP SDP negotiation, multiple codec capabilities can be agreed (more than one video codec can be
accepted) and the SIP device is at liberty to change the codec it uses at any time within the call. If this happens,
because Expressway is in the media path it will close and open logical channels to the H.323 device as the media
changes (as required) so that media is passed correctly.
accepted) and the SIP device is at liberty to change the codec it uses at any time within the call. If this happens,
because Expressway is in the media path it will close and open logical channels to the H.323 device as the media
changes (as required) so that media is passed correctly.
Searching by protocol
When searching a zone, the Expressway first performs the search using the protocol of the incoming call. If the
search is unsuccessful the Expressway may then search the zone again using the alternative protocol, depending on
search is unsuccessful the Expressway may then search the zone again using the alternative protocol, depending on
110
Cisco Expressway Administrator Guide
Protocols