Cisco Cisco Expressway Maintenance Manual
Setting up the Expressway-E
This section describes the configuration steps required on the Expressway-E.
Configuring DNS and NTP settings
Check and configure the basic system settings on Expressway:
1. Ensure that System host name and Domain name are specified (
System > DNS
).
2. Ensure that public DNS servers are specified (
System > DNS
).
3. Ensure that all Expressway systems are synchronized to a reliable NTP service (
System > Time
). Use
an Authentication method in accordance with your local policy.
If you have a cluster of Expressways you must do this for every peer.
Configuring the Expressway-E for Unified Communications
To enable mobile and remote access functionality:
1. Go to
Configuration > Unified Communications > Configuration
.
2. Set Unified Communications mode to Mobile and remote access.
3. Click Save.
Ensuring that TURN services are disabled on Expressway-E
You must ensure that TURN services are disabled on the Expressway-E used for mobile and remote access.
1. Go to
Configuration > Traversal > TURN
.
2. Ensure that TURN services are Off.
Setting up Expressway security certificates
This deployment requires secure communications between the Expressway-C and the Expressway-E, and
between the Expressway-E and endpoints located outside the enterprise. Therefore, you must:
between the Expressway-E and endpoints located outside the enterprise. Therefore, you must:
1. Install a suitable server certificate on both the Expressway-C and the Expressway-E. The certificate on
each Expressway has different requirements for what needs to be included as subject alternate names as
described in
described in
Expressway-C / Expressway-E server certificate requirements
below.
l
The certificate must include the Client Authentication extension. (The system will not allow you to
upload a server certificate without this extension when mobile and remote access is enabled.)
upload a server certificate without this extension when mobile and remote access is enabled.)
l
The Expressway includes a built-in mechanism to generate a certificate signing request (CSR) and is
the recommended method for generating a CSR. This CSR includes the client authentication request
and can be used to help ensure each Expressway certificate includes the correct subject alternate
names for Unified Communications and to establish a secure traversal zone. Ensure that the CA that
signs the request does not strip out the client authentication extension.
the recommended method for generating a CSR. This CSR includes the client authentication request
and can be used to help ensure each Expressway certificate includes the correct subject alternate
names for Unified Communications and to establish a secure traversal zone. Ensure that the CA that
signs the request does not strip out the client authentication extension.
l
To generate a CSR and /or to upload a server certificate to the Expressway, go to
Maintenance >
Security certificates > Server certificate
. You must restart the Expressway for the new server
certificate to take effect.
2. Install on both Expressways the trusted Certificate Authority (CA) certificates of the authority that signed
Cisco Expressway Administrator Guide (X8.1.1)
Page 59 of 343
Unified Communications
Configuring mobile and remote access on Expressway