Cisco Cisco Expressway
Expressway-C will verify the CallManager certificate for subsequent SIP communications. Each zone is
created with a name in the format 'CEtcp-<node name>' or 'CEtls-<node name>'.
created with a name in the format 'CEtcp-<node name>' or 'CEtls-<node name>'.
A non-configurable search rule, following the same naming convention, is also created automatically for each
zone. The rules are created with a priority of 45. If the Unified CM node that is targeted by the search rule has
a long name, the search rule will use a regex for its address pattern match.
zone. The rules are created with a priority of 45. If the Unified CM node that is targeted by the search rule has
a long name, the search rule will use a regex for its address pattern match.
Note that load balancing is managed by Unified CM when it passes routing information back to the registering
endpoints.
endpoints.
Configuring the HTTP server allow list (whitelist) on
Expressway-C
Expressway-C
Jabber client endpoints may need to access additional web services inside the enterprise. This requires an
"allow list" of servers to be configured to which the Expressway will grant access for HTTP traffic originating
from outside the enterprise.
"allow list" of servers to be configured to which the Expressway will grant access for HTTP traffic originating
from outside the enterprise.
The features and services that may be required, and would need whitelisting, include:
n
Visual Voicemail
n
Jabber Update Server
n
Custom HTML tabs / icons
n
Directory Photo Host
To configure the set of addresses to which HTTP access will be allowed:
1. On Expressway-C, go to
Configuration > Unified Communications > Configuration
.
2. Click HTTP server allow list.
3. Configure the hostnames or IP addresses of any HTTP servers that external Jabber clients are allowed to
access.
Access is granted if the server portion of the client-supplied URI matches one of the names entered here,
or if it resolves via DNS lookup to a specified IP address.
Access is granted if the server portion of the client-supplied URI matches one of the names entered here,
or if it resolves via DNS lookup to a specified IP address.
Expressway-C automatically whitelists the IP addresses of all discovered Unified CM nodes (that are
running the CallManager or TFTP service), IM and Presence Service nodes, and Cisco Unity Connection
nodes. These entries cannot be deleted. They are displayed in the
running the CallManager or TFTP service), IM and Presence Service nodes, and Cisco Unity Connection
nodes. These entries cannot be deleted. They are displayed in the
Auto-configured allow list
section of the
HTTP server allow list
page.
Setting up the Expressway-E
This section describes the configuration steps required on the Expressway-E.
Configuring DNS and NTP settings
Check and configure the basic system settings on Expressway:
1. Ensure that System host name and Domain name are specified (
System > DNS
).
Note that <System host name>.<Domain name> is the FQDN of this Expressway-E. Ensure that this
FQDN is resolvable in public DNS.
FQDN is resolvable in public DNS.
2. Ensure that public DNS servers are specified (
System > DNS
).
Unified Communications Mobile and Remote Access via Cisco Expressway Deployment Guide (X8.5)
Page 25 of 50
Configuring mobile and remote access on Expressway