Cisco Cisco Expressway Maintenance Manual
Field
Description
Usage tips
Use CRLs
Controls whether Certificate Revocation Lists (CRLs) are
used to perform certificate revocation checking.
used to perform certificate revocation checking.
CRLs can be used if the certificate
does not support OCSP.
does not support OCSP.
CRLs can be loaded manually onto
the Expressway, downloaded
automatically from preconfigured
URIs (see
the Expressway, downloaded
automatically from preconfigured
URIs (see
),
or downloaded automatically from a
CRL distribution point (CDP) URI
contained in the X.509 certificate.
CRL distribution point (CDP) URI
contained in the X.509 certificate.
Allow CRL
downloads
from CDPs
downloads
from CDPs
Controls whether the download of CRLs from the CDP URIs
contained in X.509 certificates is allowed.
contained in X.509 certificates is allowed.
Fallback
behavior
behavior
Controls the revocation checking behavior if the revocation
status cannot be established, for example if the revocation
source cannot be contacted.
status cannot be established, for example if the revocation
source cannot be contacted.
Treat as revoked: treat the certificate as revoked (and thus
do not allow the TLS connection).
do not allow the TLS connection).
Treat as not revoked: treat the certificate as not revoked.
Default: Treat as not revoked
Treat as not revoked ensures that
your system continues to operate in
a normal manner if the revocation
source cannot be contacted,
however it does potentially mean
that revoked certificates will be
accepted.
a normal manner if the revocation
source cannot be contacted,
however it does potentially mean
that revoked certificates will be
accepted.
Advanced SIP Settings
Field
Description
Usage tips
SDP max size
Specifies the maximum size of SDP payload that can be
handled by the Expressway (in bytes)
handled by the Expressway (in bytes)
Default is 32768 bytes.
SIP TCP connect
timeout
timeout
Specifies the maximum number of seconds to wait for an
outgoing SIP TCP connection to be established.
outgoing SIP TCP connection to be established.
Default is 10 seconds.
You can reduce this to speed up
the time between attempting a
broken route (eg. unavailable
onward SIP proxy peer) and failing
over to a good one.
the time between attempting a
broken route (eg. unavailable
onward SIP proxy peer) and failing
over to a good one.
Be careful in high latency networks
that you leave enough time for the
connection to establish.
that you leave enough time for the
connection to establish.
Configuring Domains
The Domains page (Configuration > Domains) lists the domains managed by this Expressway for Unified
Communications services.
Communications services.
A domain name can comprise multiple levels. Each level's name can only contain letters, digits and hyphens, with
each level separated by a period (dot). A level name cannot start or end with a hyphen, and the final level name must
start with a letter. An example valid domain name is
each level separated by a period (dot). A level name cannot start or end with a hyphen, and the final level name must
start with a letter. An example valid domain name is
100.example-name.com
.
92
Cisco Expressway Administrator Guide
Protocols