Cisco Cisco Expressway Maintenance Manual
If the Expressway-E has Advanced Networking, it will still use the same port numbers as described above,
but they will be assigned to the internal and external IP addresses.
but they will be assigned to the internal and external IP addresses.
Firewall traversal configuration overview
This section provides an overview to how the Expressway can act as a traversal server or as a traversal
client.
client.
Expressway as a firewall traversal client
The Expressway can act as a firewall traversal client on behalf of any systems that are neighbored with it. To
act as a firewall traversal client, the Expressway must be configured with information about the systems that
will act as its firewall traversal server.
act as a firewall traversal client, the Expressway must be configured with information about the systems that
will act as its firewall traversal server.
You do this by adding a traversal client zone on the Expressway-C (
Configuration > Zones > Zones
) and
multiple traversal servers.
Expressway as a firewall traversal server
The Expressway-E has all the functionality of an Expressway-C. However, its main feature is that it can act
as a firewall traversal server for other Cisco systems. It can also provide TURN relay services to ICE-
enabled endpoints.
as a firewall traversal server for other Cisco systems. It can also provide TURN relay services to ICE-
enabled endpoints.
Configuring traversal server zones
For the Expressway-E to act as a firewall traversal server for Cisco systems, you must create a traversal
server zone on the Expressway-E (
server zone on the Expressway-E (
Configuration > Zones > Zones
) and configure it with the details of the
for more information.
You must create a separate traversal server zone for every system that is its traversal client.
Configuring other traversal server features
n
n
Firewall traversal and Advanced Networking
The Advanced Networking option key enables the LAN 2 interface on the Expressway-E (the option is not
available on an Expressway-C). The LAN 2 interface is used in situations where the Expressway-E is
located in a DMZ that consists of two separate networks - an inner DMZ and an outer DMZ - and your
network is configured to prevent direct communication between the two.
available on an Expressway-C). The LAN 2 interface is used in situations where the Expressway-E is
located in a DMZ that consists of two separate networks - an inner DMZ and an outer DMZ - and your
network is configured to prevent direct communication between the two.
With the LAN 2 interface enabled, you can configure the Expressway with two separate IP addresses, one
for each network in the DMZ. Your Expressway then acts as a proxy server between the two networks,
allowing calls to pass between the internal and outer firewalls that make up your DMZ.
for each network in the DMZ. Your Expressway then acts as a proxy server between the two networks,
allowing calls to pass between the internal and outer firewalls that make up your DMZ.
When Advanced Networking is enabled, all ports configured on the Expressway, including those relating to
firewall traversal, apply to both IP addresses; you cannot configure ports separately for each IP address.
firewall traversal, apply to both IP addresses; you cannot configure ports separately for each IP address.
Cisco Expressway Administrator Guide (X8.1.1)
Page 44 of 343
Firewall traversal
About firewall traversal