Cisco Cisco Expressway Maintenance Manual
Traversal client
Expressway-E traversal server
Expressway-C
The Expressway client provides its Username and
Password. These are set on the traversal client
zone by using Configuration > Zones > Zones >
Edit zone, in the Connection credentials section.
Password. These are set on the traversal client
zone by using Configuration > Zones > Zones >
Edit zone, in the Connection credentials section.
The traversal server zone for the Expressway client must be
configured with the client's authentication Username. This is
set on the Expressway-E by using Configuration > Zones >
Zones > Edit zone, in the Connection credentials section.
configured with the client's authentication Username. This is
set on the Expressway-E by using Configuration > Zones >
Zones > Edit zone, in the Connection credentials section.
There must also be an entry in the Expressway-E’s
authentication database with the corresponding client
username and password.
authentication database with the corresponding client
username and password.
Endpoint
The endpoint client provides its Authentication ID
and Authentication Password.
and Authentication Password.
There must be an entry in the Expressway-E’s authentication
database with the corresponding client username and
password.
database with the corresponding client username and
password.
Note that all Expressway traversal clients must authenticate with the Expressway-E.
Authentication and NTP
All Expressway traversal clients that support H.323 must authenticate with the Expressway-E. The authentication
process makes use of timestamps and requires that each system uses an accurate system time. The system time on
an Expressway is provided by a remote NTP server. Therefore, for firewall traversal to work, all systems involved must
be configured with details of an
process makes use of timestamps and requires that each system uses an accurate system time. The system time on
an Expressway is provided by a remote NTP server. Therefore, for firewall traversal to work, all systems involved must
be configured with details of an
.
About ICE and TURN Services
About ICE
ICE (Interactive Connectivity Establishment) provides a mechanism for SIP client NAT traversal. ICE is not a protocol,
but a framework which pulls together a number of different techniques such as TURN and STUN.
but a framework which pulls together a number of different techniques such as TURN and STUN.
It allows endpoints (clients) residing behind NAT devices to discover paths through which they can pass media, verify
peer-to-peer connectivity via each of these paths and then select the optimum media connection path. The available
paths typically depend on any inbound and outbound connection restrictions that have been configured on the NAT
device. Such behavior is described in
peer-to-peer connectivity via each of these paths and then select the optimum media connection path. The available
paths typically depend on any inbound and outbound connection restrictions that have been configured on the NAT
device. Such behavior is described in
.
An example usage of ICE is two home workers communicating via the internet. If the two endpoints can communicate
via ICE the Expressway-E may (depending on how the NAT devices are configured) only need to take the signaling
and not take the media. If the initiating ICE client attempts to call a non-ICE client, the call set-up process reverts to a
conventional SIP call requiring NAT traversal via media latching where the Expressway also takes the media.
via ICE the Expressway-E may (depending on how the NAT devices are configured) only need to take the signaling
and not take the media. If the initiating ICE client attempts to call a non-ICE client, the call set-up process reverts to a
conventional SIP call requiring NAT traversal via media latching where the Expressway also takes the media.
About TURN
TURN (Traversal Using Relays around NAT) services are relay extensions to the STUN network protocol that enable a
SIP or H.323 client to communicate via UDP or TCP from behind a NAT device.
SIP or H.323 client to communicate via UDP or TCP from behind a NAT device.
, and for detailed information about the base STUN protocol, see
.
Each ICE client requests the TURN server to allocate relays for the media components of the call. A relay is required
for each component in the media stream between each client.
for each component in the media stream between each client.
After the relays are allocated, each ICE client has 3 potential connection paths (addresses) through which it can send
and receive media:
and receive media:
■
its host address which is behind the NAT device (and thus not reachable from endpoints on the other side of
the NAT)
the NAT)
43
Cisco Expressway Administrator Guide