Cisco Cisco Expressway
1. On Expressway-C, go to
Configuration > Domains
.
2. Select the domains (or create a new domain, if not already configured) for which services are to be routed
to Unified CM.
3. For each domain, turn On the services for that domain that Expressway is to support. The available
services are:
l
SIP registrations and provisioning on Unified CM: endpoint registration, call control and
provisioning for this SIP domain is serviced by Unified CM. The Expressway acts as a Unified
Communications gateway to provide secure firewall traversal and line-side support for Unified CM
registrations.
provisioning for this SIP domain is serviced by Unified CM. The Expressway acts as a Unified
Communications gateway to provide secure firewall traversal and line-side support for Unified CM
registrations.
l
IM and Presence services on Unified CM: instant messaging and presence services for this SIP
domain are provided by the Unified CM IM and Presence service.
domain are provided by the Unified CM IM and Presence service.
Turn On all of the applicable services for each domain.
Discovering IM&P and Unified CM servers
The Expressway-C must be configured with the address details of the IM&P servers and Unified CM servers
that are to provide registration, call control, provisioning, messaging and presence services.
that are to provide registration, call control, provisioning, messaging and presence services.
Note that IM&P server configuration is not required in the hybrid deployment model.
Uploading the IM&P / Unified CM tomcat certificate to the Expressway-C trusted CA list
If you intend to have TLS verify mode set to On (the default and recommended setting) when discovering
the IM&P and Unified CM servers, the Expressway-C must be configured to trust the tomcat certificate
presented by those IM&P and Unified CM servers.
the IM&P and Unified CM servers, the Expressway-C must be configured to trust the tomcat certificate
presented by those IM&P and Unified CM servers.
1. Determine the relevant CA certificates to upload:
l
If the servers are using self-signed certificates, the Expressway-C's trusted CA list must include a
copy of the tomcat certificate from every IM&P / Unified CM server.
copy of the tomcat certificate from every IM&P / Unified CM server.
l
If the servers are using CA-signed certificates, the Expressway-C's trusted CA list must include the
root CA of the issuer of the tomcat certificates.
root CA of the issuer of the tomcat certificates.
2. Upload the trusted Certificate Authority (CA) certificates to the Expressway-C (
Maintenance > Security
certificates > Trusted CA certificate
).
3. Restart the Expressway-C for the new trusted CA certificates to take effect (
Maintenance > Restart
options
).
Unified Communications: Mobile and Remote Access via Cisco Expressway Deployment Guide (X8.1.1)
Page 15 of 36
Configuring mobile and remote access on Expressway