Cisco Cisco Expressway
Name
A name indicating that this is an encrypted profile.
Description
Enter a textual description as required.
Device Security Mode
Encrypted.
Incoming Transport Type
TLS.
Outgoing Transport Type
TLS.
Enable Digest
Authentication
Authentication
Leave unselected.
X.509 Subject Name
The subject name or an subject alternate name provided by the Expressway
in its certificate. For Expressway clusters, ensure that this list includes all of
the names contained within all of the peers' certificates. To specify multiple
X.509 names, separate each name by a space, comma, semicolon or colon.
in its certificate. For Expressway clusters, ensure that this list includes all of
the names contained within all of the peers' certificates. To specify multiple
X.509 names, separate each name by a space, comma, semicolon or colon.
Incoming Port
5061
Accept Unsolicited
Notification
Notification
Select this check box
Accept Replaces Header
Select this check box
Other parameters
Leave all other parameters unselected.
5. Click Save.
Updating the Unified CM trunk to Expressway to use TLS
On Unified CM:
1. Go to
Device > Trunk
.
2. Using Find, select the Device Name previously set up for the trunk to the Expressway.
3. Configure the following fields:
SIP Information
section
Destination Port
5061 (unless using DNS SRV, in which case ensure the SRV records are set up
correctly).
correctly).
SIP Trunk Security
Profile
Profile
Select the trunk profile set up above.
Leave other parameters as previously configured.
4. Click Save.
5. Click Reset.
Updating the Expressway neighbor zone to Unified CM to use
TLS
TLS
Note that Expressway will report that the Unified CM zone is active even while it is communicating with
Unified CM over TCP. The changes below are necessary to enable communications over TLS.
Unified CM over TCP. The changes below are necessary to enable communications over TLS.
Microsoft Lync and Cisco Expressway Deployment Guide (X8.2)
Page 45 of 67
Connecting Expressway to Unified CM using TLS