Cisco Cisco Expressway Manuel De Maintenance
Field
Description
Usage tips
Transport
Determines which transport type is used for SIP calls to and
from the traversal server. The default is TLS.
from the traversal server. The default is TLS.
TLS verify mode
Controls X.509 certificate checking and mutual
authentication between this Expressway and the traversal
server when communicating over TLS.
authentication between this Expressway and the traversal
server when communicating over TLS.
for more information.
Media
encryption
mode
encryption
mode
Controls the media encryption policy applied by the
Expressway for SIP calls (including interworked calls) to
and from this zone.
Expressway for SIP calls (including interworked calls) to
and from this zone.
for
more information.
ICE support
Controls whether ICE messages are supported by the
devices in this zone.
devices in this zone.
for more
information.
Poison mode
Determines if SIP requests sent to systems located via this
zone are "poisoned" such that if they are received by this
Expressway again they will be rejected.
zone are "poisoned" such that if they are received by this
Expressway again they will be rejected.
Authentication section:
Authentication
policy
policy
Controls how the Expressway authenticates incoming
messages from this zone and whether they are
subsequently treated as authenticated, unauthenticated, or
are rejected. The behavior varies for H.323 messages, SIP
messages that originate from a local domain and SIP
messages that originate from non-local domains.
messages from this zone and whether they are
subsequently treated as authenticated, unauthenticated, or
are rejected. The behavior varies for H.323 messages, SIP
messages that originate from a local domain and SIP
messages that originate from non-local domains.
for more information.
Client settings section:
Retry interval
The interval in seconds with which a failed attempt to
establish a connection to the traversal server should be
retried.
establish a connection to the traversal server should be
retried.
Location section:
Peer 1 to Peer 6
address
address
The IP address or FQDN of the traversal server.
If the traversal server is an Expressway-E cluster, this
should include all of its peers.
should include all of its peers.
for more information.
Configuring Traversal Server Zones
An Expressway-E can act as a traversal server, providing firewall traversal on behalf of traversal clients (an
Expressway-C).
Expressway-C).
For firewall traversal to work, the traversal server (Expressway-E) must have a special type of two-way relationship
with each traversal client. To create this connection between a Expressway-E and a Expressway-C, see
with each traversal client. To create this connection between a Expressway-E and a Expressway-C, see
. For full details on how traversal client zones and traversal server zones work
.
Note:
to make sure that traversal zones to work.
After you have neighbored with the traversal client you can:
■
provide firewall traversal services to the traversal client
■
query the traversal client about its endpoints
■
apply transforms to any queries before they are sent to the traversal client
■
control the bandwidth used for calls between your local Expressway and the traversal client
107
Cisco Expressway Administrator Guide