Cisco Expressway Maintenance Manual
Using the Address-Switch Node
<?xml version="1.0" encoding="UTF-8" ?>
<cpl xmlns="urn:ietf:params:xml:ns:cpl"
     xmlns:taa="http://www.tandberg.net/cpl-extensions"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">
  <taa:routed>
    <address-switch field="destination">
      <address regex="9(.*)">
        <address-switch field="originating-zone">
          <!-- Calls coming from the traversal zone are not allowed to use this gateway -->
          <address is="TraversalZone">
            <!-- Reject call with a status code of 403 (Forbidden) -->
            <reject status="403" reason="Denied by policy"/>
          </address>
        </address-switch>
      </address>
    </address-switch>
  </taa:routed>
</cpl>
Using the Taa:Rule-Switch Node
<?xml version="1.0" encoding="UTF-8" ?>
<cpl xmlns="urn:ietf:params:xml:ns:cpl"
     xmlns:taa="http://www.tandberg.net/cpl-extensions"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">
  <taa:routed>
    <taa:rule-switch>
      <taa:rule originating-zone="TraversalZone" destination="9(.*)">
        <!-- Calls coming from the traversal zone are not allowed to use this gateway -->
        <!-- Reject call with a status code of 403 (Forbidden) -->
        <reject status="403" reason="Denied by policy"/>
      </taa:rule>
      <taa:rule origin="(.*)" destination="(.*)">
        <!-- All other calls allowed -->
        <proxy/>
      </taa:rule>
    </taa:rule-switch>
  </taa:routed>
</cpl>
Changing the Default SSH Key
Using the default key means that SSH sessions established to the Expressway may be vulnerable to "man-in-the-middle" attacks, so we recommend that you generate new SSH keys that are unique to your Expressway.
An alarm message "Security alert: the SSH service is using the default key" is displayed if your Expressway is still configured with its factory default SSH key.
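The following audit script is an added example, not part of the Cisco guide: it reads host-key lines in the format that `ssh-keyscan` prints and reports any key fingerprint presented by more than one system, that is, a key that is not unique to one Expressway. The hostnames and key blobs are constructed sample data, and the function names are hypothetical.

```python
import base64
import hashlib
from collections import defaultdict


def sample_blob(seed: bytes) -> str:
    """Build a made-up key blob for the sample; not a real Expressway key."""
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + seed * 8).decode()


# Constructed sample in ssh-keyscan output format: "host keytype base64-blob".
SAMPLE_SCAN = "\n".join([
    "# expe-1.example.com:22 SSH-2.0-OpenSSH",
    f"expe-1.example.com ssh-rsa {sample_blob(b'factory!')}",
    f"expe-2.example.com ssh-rsa {sample_blob(b'factory!')}",
    f"expc-1.example.com ssh-rsa {sample_blob(b'unique-1')}",
    "expc-2.example.com ssh-rsa not*base64",
])


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    raw = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(scan_text: str) -> dict[str, list[str]]:
    """Map fingerprint -> hosts, keeping only keys presented by 2+ hosts."""
    hosts_by_fp = defaultdict(set)
    for line in scan_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or line.startswith("#"):
            continue  # comment, blank or truncated line
        host, _keytype, blob = parts[:3]
        try:
            hosts_by_fp[fingerprint(blob)].add(host)
        except ValueError:
            continue  # malformed key material: skip rather than mis-report
    return {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}


if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(f"{fp} is presented by: {', '.join(hosts)}")
```
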
To generate a new SSH key for the Expressway:
1. Log into the CLI as root.
2. Type regeneratesshkey.
3. Type exit to log out of the root account.
4. Log in to the web interface.
5. Go to Maintenance > Restart. You are taken to the Restart page.
Cisco Expressway Administrator Guide
Reference Material