Cisco Expressway Maintenance Manual
■ SIP functionality and SIP-specific transport modes and ports
■ certificate revocation checking modes for TLS connections
SIP Functionality and SIP-Specific Transport Modes and Ports
This section contains the basic settings for enabling SIP functionality and for configuring the various SIP-specific transport modes and ports. The configurable options are:
Field: SIP mode
Description: Enables and disables SIP functionality on the Expressway. Default is On.

Field: SIP protocols and ports
Description: The Expressway supports SIP over UDP, TCP and TLS transport protocols. Use the Mode and Port settings for each protocol to configure whether or not incoming and outgoing connections using that protocol are supported, and if so, the ports on which the Expressway listens for such connections.
The default modes and ports are:
■ UDP mode Off, port 5060
■ TCP mode On, port 5060
■ TLS mode On, port 5061
■ Mutual TLS mode Off, port 5062
Usage tips: At least one of the transport protocol modes must be On to enable SIP functionality.

Field: TCP outbound port start / end
Description: The range of ports the Expressway uses when TCP and TLS connections are established. The default range is 25000 to 29999.
Usage tips: The range must be sufficient to support all required concurrent connections.

Field: TLS handshake timeout
Description: The timeout period for TLS socket handshake. Default is 5 seconds.
Usage tips: You may want to increase this value if TLS server certificate validation is slow (e.g. if OCSP servers do not provide timely responses) and thus causes connection attempts to time out.
Certificate Revocation Checking Modes
This section controls the certificate revocation checking modes for SIP TLS connections. The configurable options are:
Field: Certificate revocation checking mode
Description: Controls whether revocation checking is performed for certificates exchanged during SIP TLS connection establishment.
Usage tips: We recommend that revocation checking is enabled.

Field: Use OCSP
Description: Controls whether the Online Certificate Status Protocol (OCSP) may be used to perform certificate revocation checking.
Usage tips: To use OCSP, the X.509 certificate to be checked must contain an OCSP responder URI.
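The Use OCSP requirement above can be checked before a certificate is deployed. The following is an added example, not code from Cisco or from the Expressway: it walks DER-encoded data and lists the OCSP responder URIs found in the authorityInfoAccess extension. The function names, the example.invalid URIs and the sample data (a hand-built extension, not a full certificate) are constructed for illustration.

```python
OID_PE_AIA = bytes.fromhex("2b06010505070101")         # 1.3.6.1.5.5.7.1.1 authorityInfoAccess
OID_AD_OCSP = bytes.fromhex("2b06010505073001")        # 1.3.6.1.5.5.7.48.1 id-ad-ocsp
OID_AD_CA_ISSUERS = bytes.fromhex("2b06010505073002")  # 1.3.6.1.5.5.7.48.2 id-ad-caIssuers

def read_children(buf, start, end):
    """Parse the DER TLVs packed in buf[start:end] into (tag, value_start, value_end)."""
    items, pos = [], start
    while pos < end:
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                               # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > end:
            raise ValueError("value overruns its parent")
        items.append((tag, pos, pos + length))
        pos += length
    return items

def ocsp_uris(der):
    """Return every URI whose AccessDescription method is id-ad-ocsp."""
    found = []
    def walk(start, end):
        try:
            items = read_children(der, start, end)
        except (ValueError, IndexError):
            return                                      # not DER (e.g. a key identifier)
        # AccessDescription ::= SEQUENCE { accessMethod OID, accessLocation [6] URI }
        if (len(items) == 2 and items[0][0] == 0x06 and items[1][0] == 0x86
                and der[items[0][1]:items[0][2]] == OID_AD_OCSP):
            found.append(der[items[1][1]:items[1][2]].decode("ascii", "replace"))
        for tag, vs, ve in items:
            if tag & 0x20 or tag == 0x04:               # constructed, or OCTET STRING wrapper
                walk(vs, ve)
    walk(0, len(der))
    return found

def tlv(tag, value):
    """Encode a short-form DER TLV (value under 128 bytes); builds the sample only."""
    return bytes([tag, len(value)]) + value

def sample_aia_extension(methods):
    """Constructed authorityInfoAccess extension, standing in for a certificate."""
    descs = b"".join(tlv(0x30, tlv(0x06, oid) + tlv(0x86, uri)) for oid, uri in methods)
    return tlv(0x30, tlv(0x06, OID_PE_AIA) + tlv(0x04, tlv(0x30, descs)))

CA = (OID_AD_CA_ISSUERS, b"http://ca.example.invalid/ca.cer")
WITH_OCSP = sample_aia_extension([(OID_AD_OCSP, b"http://ocsp.example.invalid"), CA])
CA_ISSUERS_ONLY = sample_aia_extension([CA])

if __name__ == "__main__":
    print(ocsp_uris(WITH_OCSP), ocsp_uris(CA_ISSUERS_ONLY))
```

An empty list means the certificate names no OCSP responder, so it does not meet the Use OCSP requirement stated above.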
Cisco Expressway Administrator Guide
Protocols