Cisco Cisco Expressway
Configuring DNS and NTP settings
Check and configure the basic system settings on Expressway:
1. Ensure that System host name and Domain name are specified (
System > DNS
).
2. Ensure that public DNS servers are specified (
System > DNS
).
3. Ensure that all Expressway systems are synchronized to a reliable NTP service (
System > Time
). Use
an Authentication method in accordance with your local policy.
If you have a cluster of Expressways you must do this for every peer.
Configuring the Expressway-E for Unified Communications
To enable mobile and remote access functionality:
1. Go to
Configuration > Unified Communications > Configuration
.
2. Set Unified Communications mode to Mobile and remote access.
3. Click Save.
Ensuring that TURN services are disabled on Expressway-E
You must ensure that TURN services are disabled on the Expressway-E used for mobile and remote access.
1. Go to
Configuration > Traversal > TURN
.
2. Ensure that TURN services are Off.
Setting up Expressway security certificates
This deployment requires secure communications between the Expressway-C and the Expressway-E, and
between the Expressway-E and endpoints located outside the enterprise. Therefore, you must:
between the Expressway-E and endpoints located outside the enterprise. Therefore, you must:
1. Install a suitable server certificate on both the Expressway-C and the Expressway-E. The certificate on
each Expressway has different requirements for what needs to be included as subject alternate names as
described in
described in
Expressway-C / Expressway-E server certificate requirements
below.
l
The certificate must include the Client Authentication extension. (The system will not allow you to
upload a server certificate without this extension when mobile and remote access is enabled.)
upload a server certificate without this extension when mobile and remote access is enabled.)
l
The Expressway includes a built-in mechanism to generate a certificate signing request (CSR) and is
the recommended method for generating a CSR. This CSR includes the client authentication request
and can be used to help ensure each Expressway certificate includes the correct subject alternate
names for Unified Communications and to establish a secure traversal zone. Ensure that the CA that
signs the request does not strip out the client authentication extension.
the recommended method for generating a CSR. This CSR includes the client authentication request
and can be used to help ensure each Expressway certificate includes the correct subject alternate
names for Unified Communications and to establish a secure traversal zone. Ensure that the CA that
signs the request does not strip out the client authentication extension.
l
To generate a CSR and /or to upload a server certificate to the Expressway, go to
Maintenance >
Security certificates > Server certificate
. You must restart the Expressway for the new server
certificate to take effect.
Unified Communications: Mobile and Remote Access via Cisco Expressway Deployment Guide (X8.1.1)
Page 18 of 36
Configuring mobile and remote access on Expressway