Cisco Cisco Expressway
Configuring Traversal Zones for Unified Communications
To support Unified Communications features such as Mobile and Remote Access or Jabber Guest, there must be a
secure traversal zone connection between the Expressway-C and the Expressway-E:
secure traversal zone connection between the Expressway-C and the Expressway-E:
■
The Expressway-C and Expressway-E must be configured with a zone of type
Unified Communications traversal.
This automatically configures an appropriate traversal zone (a traversal client zone when selected on a
Expressway-C, or a traversal server zone when selected on an Expressway-E) that uses SIP TLS with TLS verify
mode set to
Expressway-C, or a traversal server zone when selected on an Expressway-E) that uses SIP TLS with TLS verify
mode set to
On, and Media encryption mode set to Force encrypted.
■
Both Expressways must trust each other's server certificate. As each Expressway acts both as a client and as a
server you must ensure that each Expressway’s certificate is valid both as a client and as a server.
server you must ensure that each Expressway’s certificate is valid both as a client and as a server.
■
If an H.323 or a non-encrypted connection is also required, a separate pair of traversal zones must be
configured.
configured.
Neighboring Between Expressway Clusters
You can neighbor your local Expressway (or Expressway cluster) to a remote Expressway cluster; this remote cluster
could be a neighbor, traversal client, or traversal server to your local Expressway. In this case, when a call is received on
your local Expressway and is passed via the relevant zone to the remote cluster, it will be routed to whichever peer in
that neighboring cluster has the lowest resource usage. That peer will then forward the call as appropriate to one of its
external zones.
could be a neighbor, traversal client, or traversal server to your local Expressway. In this case, when a call is received on
your local Expressway and is passed via the relevant zone to the remote cluster, it will be routed to whichever peer in
that neighboring cluster has the lowest resource usage. That peer will then forward the call as appropriate to one of its
external zones.
Lowest resource usage is determined by comparing the number of available media sessions (maximum - current use)
on the peers, and choosing the peer with the highest number. Peers that are in maintenance mode are not considered.
on the peers, and choosing the peer with the highest number. Peers that are in maintenance mode are not considered.
When configuring a connection to a remote cluster, you create a single zone and configure it with details of all the peers
in the cluster. Adding this information to the zone ensures that the call is passed to that cluster regardless of the status of
the individual peers.
in the cluster. Adding this information to the zone ensures that the call is passed to that cluster regardless of the status of
the individual peers.
You also need to enter the IP address of all peers in the remote cluster when the connection is via a neighbor or
traversal client zone. You do not do this for traversal server zones, as these connections are not configured by
specifying the remote system's IP address.
traversal client zone. You do not do this for traversal server zones, as these connections are not configured by
specifying the remote system's IP address.
Note:
Systems that are configured as peers must not also be configured as neighbors to each other, and vice versa.
Neighboring your clusters
To neighbor your local Expressway (or Expressway cluster) to a remote Expressway cluster, you create a single zone to
represent the cluster and configure it with the details of all the peers in that cluster:
represent the cluster and configure it with the details of all the peers in that cluster:
1.
On your local Expressway (or, if the local Expressway is a cluster, on the primary peer), create a zone of the
appropriate type. This zone will represent the connection to the cluster.
appropriate type. This zone will represent the connection to the cluster.
2.
In the Location section, enter the IP address or FQDN of each peer in the remote cluster in the Peer 1 to Peer 6
address fields.
address fields.
Note that:
■
Ideally you should use IP addresses in these fields. If you use FQDNs instead, each FQDN must be different and
must resolve to a single IP address for each peer.
must resolve to a single IP address for each peer.
■
The order in which the peers in the remote Expressway cluster are listed here does not matter.
17
Cisco Expressway-E and Expressway-C - Basic Configuration Deployment Guide