Cisco Cisco Expressway Maintenance Manual
Firewall traversal and authentication
The Expressway-E allows only authenticated client systems to use it as a traversal server.
Upon receiving the initial connection request from the traversal client, the Expressway-E asks the client to
authenticate itself by providing its authentication credentials. The Expressway-E then looks up the client’s
credentials in its own authentication database. If a match is found, the Expressway-E accepts the request
from the client.
authenticate itself by providing its authentication credentials. The Expressway-E then looks up the client’s
credentials in its own authentication database. If a match is found, the Expressway-E accepts the request
from the client.
The settings used for authentication depend on the type of traversal client:
Traversal client
Expressway-E traversal server
Expressway-C
The Expressway client provides its Username
and Password. These are set on the traversal
client zone by using
and Password. These are set on the traversal
client zone by using
Configuration > Zones >
Zones > Edit zone
, in the
Connection
credentials
section.
The traversal server zone for the Expressway client must be
configured with the client's authentication Username. This is
set on the Expressway-E by using
configured with the client's authentication Username. This is
set on the Expressway-E by using
Configuration > Zones >
Zones > Edit zone
, in the
Connection credentials
section.
There must also be an entry in the Expressway-E’s
authentication database with the corresponding client
username and password.
authentication database with the corresponding client
username and password.
Endpoint
The endpoint client provides its Authentication
ID and Authentication Password.
ID and Authentication Password.
There must be an entry in the Expressway-E’s authentication
database with the corresponding client username and
password.
database with the corresponding client username and
password.
Note that all Expressway traversal clients must authenticate with the Expressway-E.
Authentication and NTP
All Expressway traversal clients that support H.323 must authenticate with the Expressway-E. The
authentication process makes use of timestamps and requires that each system uses an accurate system
time. The system time on an Expressway is provided by a remote NTP server. Therefore, for firewall
traversal to work, all systems involved must be configured with details of an
authentication process makes use of timestamps and requires that each system uses an accurate system
time. The system time on an Expressway is provided by a remote NTP server. Therefore, for firewall
traversal to work, all systems involved must be configured with details of an
.
Cisco Expressway Administrator Guide (X8.1.1)
Page 49 of 343
Firewall traversal
Firewall traversal and authentication