Cisco Cisco Expressway
Configuration overview
This section summarizes the steps involved in configuring your Unified Communications system for mobile
and remote access. It assumes that you already have set up:
and remote access. It assumes that you already have set up:
n
(this document contains information about the different networking options for deploying
the Expressway-E in the DMZ)
n
Unified CM and IM and Presence Service have been configured as specified in Configuration and
Administration of IM and Presence Service on Cisco Unified Communications Manager (for your version),
at
Administration of IM and Presence Service on Cisco Unified Communications Manager (for your version),
at
Prerequisites
Ensure that you are running the following software versions:
n
Expressway X8.1.1 or later
n
Unified CM 9.1(2)SU1 or later and IM and Presence Service 9.1(1) or later
Supported clients when using mobile and remote access
Expressway X8.1.1 and later:
n
Cisco Jabber for Windows 9.7 or later
n
Cisco Jabber for iPhone and iPad 9.6.1 or later
n
Cisco Jabber for Android 9.6 or later
n
Cisco Jabber for Mac 9.6 or later
n
Cisco TelePresence endpoints/codecs running TC7.0.1 or later firmware
Configuration summary
EX/MX/SX Series endpoints (running TC software)
Ensure that the provisioning mode is set to Cisco UCM via Expressway.
On Unified CM, you need to ensure that the IP Addressing Mode for these endpoints is set to IPV4_ONLY.
These endpoints must verify the identity of the Expressway-E they are connecting to by validating its server
certificate. To do this, they must have the certificate authority that was used to sign the Expressway-E's
server certificate in their list of trusted CAs.
certificate. To do this, they must have the certificate authority that was used to sign the Expressway-E's
server certificate in their list of trusted CAs.
These endpoints ship with a list of default CAs which cover the most common providers (Verisign, Thawte,
etc). If the relevant CA is not included, it must be added. See 'Managing the list of trusted certificate
authorities' in the endpoint's administrator guide.
etc). If the relevant CA is not included, it must be added. See 'Managing the list of trusted certificate
authorities' in the endpoint's administrator guide.
Mutual authentication is optional; these endpoints are not required to provide client certificates. If you do
want to configure mutual TLS, you cannot use CAPF enrolment to provision the client certificates; you must
manually apply the certificates to the endpoints. The client certificates must be signed by an authority that is
trusted by the Expressway-E.
want to configure mutual TLS, you cannot use CAPF enrolment to provision the client certificates; you must
manually apply the certificates to the endpoints. The client certificates must be signed by an authority that is
trusted by the Expressway-E.
Unified Communications Mobile and Remote Access via Cisco Expressway Deployment Guide (X8.5.1)
Page 10 of 50
Configuration overview