Cisco Cisco Expressway
Configuration overview
This section summarizes the steps involved in configuring your Unified Communications system for mobile
and remote access. It assumes that you already have set up:
and remote access. It assumes that you already have set up:
n
the Expressway-E in the DMZ)
n
Prerequisites
Ensure that you are running the following software versions:
n
Expressway X8.1.1 or later
n
Unified CM 9.1(2)SU1 or later and IM & Presence 9.1(1) or later
Supported clients when using mobile and remote access
n
Cisco Jabber for Windows 9.7 or later
n
Cisco Jabber for iOS (iPhone and iPad) 9.6.1 or later
n
Cisco Jabber for Android 9.6 or later
n
Cisco TelePresence endpoints/codecs running TC7.0.1 or later firmware
Configuration summary
EX/MX/SX Series endpoints (running TC software)
Ensure that the provisioning mode is set to Cisco UCM via Expressway.
These endpoints must verify the identity of the Expressway-E they are connecting to by validating its server
certificate. To do this, they must have the certificate authority that was used to sign the Expressway-E's
server certificate in their list of trusted CAs.
certificate. To do this, they must have the certificate authority that was used to sign the Expressway-E's
server certificate in their list of trusted CAs.
These endpoints ship with a list of default CAs which cover the most common providers (Verisign, Thawte,
etc). If the relevant CA is not included, it must be added. See 'Managing the list of trusted certificate
authorities' in the endpoint's administrator guide.
etc). If the relevant CA is not included, it must be added. See 'Managing the list of trusted certificate
authorities' in the endpoint's administrator guide.
Client certificates are optional. If used, they should be installed by provisioning while the endpoint is inside
the enterprise network, before taking it outside.
the enterprise network, before taking it outside.
Jabber clients
Jabber clients must verify the identity of the Expressway-E they are connecting to by validating its server
certificate. To do this, they must have the certificate authority that was used to sign the Expressway-E's
server certificate in their list of trusted CAs.
certificate. To do this, they must have the certificate authority that was used to sign the Expressway-E's
server certificate in their list of trusted CAs.
Jabber uses the underlying operating system's certificate mechanism:
Unified Communications: Mobile and Remote Access via Cisco Expressway Deployment Guide (X8.1.1)
Page 9 of 36
Configuration overview