Cisco Cisco Expressway Maintenance Manual
Configuring the Default Zone
By configuring the Default Zone you can control how the Expressway handles calls from unrecognized systems and
endpoints. To configure the Default Zone, go to Configuration > Zones > Zones and click on DefaultZone.
The configurable options are:
Field
Description
Usage tips
Authentication policy
The Authentication policy setting controls how the Expressway challenges incoming messages to the Default Zone.
Media encryption mode
The Media encryption mode setting controls the media encryption capabilities for SIP calls flowing through the Default Zone.
information.
ICE support
Controls whether ICE messages are supported by the devices in this zone.
for more
information.
Use Default Zone access rules on port
This controls whether access rules are applied to external systems that attempt to connect to the Expressway TLS port via the Default Zone.
The default TLS port is 5061 and the default MTLS port is 5062. This setting does not affect other connections to the Default Zone (H.323 and SIP UDP/TCP).
TLS and MTLS: Access rules are enabled for Default Zone connection attempts to the Expressway TLS and MTLS ports.
MTLS Only: Access rules are disabled for Default Zone connection attempts to the Expressway TLS port. Access rules are always enabled for Default Zone MTLS connection attempts.
There are no access rules by default. You need to create rules before any connection attempts influenced by this setting will be allowed. See
for help on allowing matching systems to make TLS or MTLS connections.
Using Links and Pipes to Manage Access and Bandwidth
associated with the Default Zone. For example, you can:
■ delete the default links to prevent any incoming calls from unrecognized endpoints
■ apply pipes to the default links to control the bandwidth consumed by incoming calls from unrecognized endpoints
Configuring Default Zone access rules
Create Default Zone access rules (Configuration > Zones > Default Zone access rules) to control which external
systems are allowed to connect over SIP TLS to the Expressway via the Default Zone.
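The listener-by-listener effect of the two "Use Default Zone access rules on port" options, including the deny-by-default behaviour when no rules exist, can be tabulated as follows. This is an added example, not Cisco code; the listener labels, function names, and the reduction of a rule to a permitted peer name are assumptions made for illustration.

```python
# Added example: models the "Use Default Zone access rules on port" setting.
# Listener labels, function names and the rule model are assumptions.

# Default ports stated in the guide; the other listeners have none given there.
DEFAULT_PORTS = {"SIP TLS": 5061, "SIP MTLS": 5062}
LISTENERS = ("H.323", "SIP UDP", "SIP TCP", "SIP TLS", "SIP MTLS")
SETTINGS = ("TLS and MTLS", "MTLS Only")


def rules_apply(setting, listener):
    """Return True if access rules filter Default Zone attempts on listener."""
    if setting not in SETTINGS:
        raise ValueError(f"unknown setting: {setting!r}")
    if listener not in LISTENERS:
        raise ValueError(f"unknown listener: {listener!r}")
    if listener == "SIP MTLS":
        return True  # rules are always enabled for MTLS attempts
    if listener == "SIP TLS":
        return setting == "TLS and MTLS"
    return False  # H.323 and SIP UDP/TCP are not affected by the setting


def verdict(setting, listener, peer, allowed_peers=frozenset()):
    """Outcome for one attempt. allowed_peers stands in for the rule set
    (assumption: a rule is reduced here to a permitted peer name)."""
    if not rules_apply(setting, listener):
        return "not filtered"  # access rules play no part in the decision
    # No rules by default, so a filtered attempt is blocked unless one matches.
    return "allowed" if peer in allowed_peers else "blocked"


def exposure_report(setting, allowed_peers=frozenset()):
    """Per-listener summary to compare against the intended exposure."""
    report = {}
    for listener in LISTENERS:
        port = DEFAULT_PORTS.get(listener)
        label = f"{listener} ({port})" if port else listener
        if not rules_apply(setting, listener):
            report[label] = "no access-rule filtering"
        elif not allowed_peers:
            report[label] = "filtered, no rules: every attempt blocked"
        else:
            report[label] = f"filtered, {len(allowed_peers)} peer(s) allowed"
    return report


if __name__ == "__main__":
    for s in SETTINGS:
        print(s, exposure_report(s))
```

Under "MTLS Only" the report shows the TLS listener on 5061 with no access-rule filtering, which is the row to check against the intended exposure of the Default Zone.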
Cisco Expressway Administrator Guide
Zones and Neighbors