Cisco Expressway Maintenance Manual
[Figure: Enterprise endpoint, Expressway-C, Expressway-E and Home endpoint, with ports labelled non-demuxed or demuxed. RTP ports shown: 36002, 36004, 36000, 36000. RTCP ports shown: 36003, 36005, 36001, 36001.]
If the Expressway-E has Advanced Networking, it will still use the same port numbers as described above, but they
will be assigned to the internal and external IP addresses.
Firewall Traversal Configuration Overview
This section provides an overview of how the Expressway can act as a traversal server or as a traversal client.
Expressway as a Firewall Traversal Client
The Expressway can act as a firewall traversal client on behalf of any systems that are neighbored with it. To act as a
firewall traversal client, the Expressway must be configured with information about the systems that will act as its
firewall traversal server.
You do this by adding a traversal client zone on the Expressway-C (Configuration > Zones > Zones) and configuring it
with the details of the Expressway-E traversal server. See
for more
information. You can create more than one traversal client zone if you want to connect to multiple traversal servers.
Expressway as a Firewall Traversal Server
The Expressway-E has all the functionality of an Expressway-C. However, its main feature is that it can act as a
firewall traversal server for other Cisco systems. It can also provide TURN relay services to ICE-enabled endpoints.
Configuring Traversal Server Zones
For the Expressway-E to act as a firewall traversal server for Cisco systems, you must create a traversal server zone
on the Expressway-E (Configuration > Zones > Zones) and configure it with the details of the traversal client. See
You must create a separate traversal server zone for every system that is its traversal client.
Configuring Other Traversal Server Features
■
.
■
.
Firewall Traversal and Advanced Networking
The Advanced Networking option key enables the LAN 2 interface on the Expressway-E (the option is not available on
an Expressway-C). The LAN 2 interface is used in situations where the Expressway-E is located in a DMZ that
consists of two separate networks - an inner DMZ and an outer DMZ - and your network is configured to prevent
direct communication between the two.
With the LAN 2 interface enabled, you can configure the Expressway with two separate IP addresses, one for each
network in the DMZ. Your Expressway then acts as a proxy server between the two networks, allowing calls to pass
between the internal and outer firewalls that make up your DMZ.
When Advanced Networking is enabled, all ports configured on the Expressway, including those relating to firewall
traversal, apply to both IP addresses; you cannot configure ports separately for each IP address.
Cisco Expressway Administrator Guide
Firewall Traversal