Cisco Cisco Expressway
TLS verify mode set to On if the Unified CM discovery had TLS verify mode enabled. This means that the
Expressway-C will verify the CallManager certificate for subsequent SIP communications. Each zone is
created with a name in the format 'CEtcp-<node name>' or 'CEtls-<node name>'.
Expressway-C will verify the CallManager certificate for subsequent SIP communications. Each zone is
created with a name in the format 'CEtcp-<node name>' or 'CEtls-<node name>'.
A non-configurable search rule, following the same naming convention, is also created automatically for each
zone. The rules are created with a priority of 45. If the Unified CM node that is targeted by the search rule has
a long name, the search rule will use a regex for its address pattern match.
zone. The rules are created with a priority of 45. If the Unified CM node that is targeted by the search rule has
a long name, the search rule will use a regex for its address pattern match.
Note that load balancing is managed by Unified CM when it passes routing information back to the registering
endpoints.
endpoints.
Configuring the HTTP server allow list (whitelist) on
Expressway-C
Expressway-C
Jabber client endpoints may need to access additional web services inside the enterprise. This requires an
"allow list" of servers to be configured to which the Expressway will grant access for HTTP traffic originating
from outside the enterprise.
"allow list" of servers to be configured to which the Expressway will grant access for HTTP traffic originating
from outside the enterprise.
The features and services that may be required, and would need whitelisting, include:
n
Visual Voicemail
n
Jabber Update Server
n
Custom HTML tabs / icons
n
Directory Photo Host
n
Advanced File Transfer (AFT)
Note: In order for the AFT feature to work across Expressway you must ensure that all Unified CM IM and
Presence Service nodes, across all Unified CM IM and Presence Service clusters, have been added to the
whitelist either manually or automatically.
Presence Service nodes, across all Unified CM IM and Presence Service clusters, have been added to the
whitelist either manually or automatically.
To configure the set of addresses to which HTTP access will be allowed:
1. On Expressway-C, go to
Configuration > Unified Communications > Configuration
.
2. Click HTTP server allow list.
3. Configure the hostnames or IP addresses of any HTTP servers that external Jabber clients are allowed to
access.
Access is granted if the server portion of the client-supplied URI matches one of the names entered here,
or if it resolves via DNS lookup to a specified IP address.
Access is granted if the server portion of the client-supplied URI matches one of the names entered here,
or if it resolves via DNS lookup to a specified IP address.
Expressway-C automatically whitelists the IP addresses of all discovered Unified CM nodes (that are
running the CallManager or TFTP service), IM and Presence Service nodes, and Cisco Unity Connection
nodes. These entries cannot be deleted. They are displayed in the
running the CallManager or TFTP service), IM and Presence Service nodes, and Cisco Unity Connection
nodes. These entries cannot be deleted. They are displayed in the
Auto-configured allow list
section of the
HTTP server allow list
page.
Setting up the Expressway-E
This section describes the configuration steps required on the Expressway-E.
Configuring DNS and NTP settings
Check and configure the basic system settings on Expressway:
Unified Communications Mobile and Remote Access via Cisco Expressway Deployment Guide (X8.5.1)
Page 25 of 50
Configuring mobile and remote access on Expressway