Cisco Cisco Expressway
■
The Expressway-E listens on port 2222 for SSH tunnel traffic. The only legitimate sender of such traffic is the
Expressway-C (cluster). Therefore we recommend that you create the following firewall rules for the SSH
tunnels service:
Expressway-C (cluster). Therefore we recommend that you create the following firewall rules for the SSH
tunnels service:
—
one or more rules to allow all of the Expressway-C peer addresses (via the internal LAN interface, if
appropriate)
appropriate)
—
followed by a lower priority (higher number) rule that drops all traffic for the SSH tunnels service (on the
internal LAN interface if appropriate, and if so, another rule to drop all traffic on the external interface)
internal LAN interface if appropriate, and if so, another rule to drop all traffic on the external interface)
Additional Information
Unified CM Dial Plan
The Unified CM dial plan is not impacted by devices registering via Expressway. Remote and mobile devices still
register directly to Unified CM and their dial plan will be the same as when it is registered locally.
register directly to Unified CM and their dial plan will be the same as when it is registered locally.
Expressway Call Types and Licensing
The Expressway distinguishes between the following 2 types of call:
■
Unified CM remote sessions: these are "mobile and remote access" calls i.e.video or audio calls from
devices located outside the enterprise that are routed via the Expressway firewall traversal solution to
endpoints registered to Unified CM. These calls do not require rich media session licenses, although they do
contribute to overall load.
devices located outside the enterprise that are routed via the Expressway firewall traversal solution to
endpoints registered to Unified CM. These calls do not require rich media session licenses, although they do
contribute to overall load.
■
Rich media sessions: these calls consume rich media session licenses and consist of every other type of
video or audio call that is routed through the Expressway. This includes business-to-business calls, B2BUA
calls, and interworked or gatewayed calls to third-party solutions. The Expressway may take the media
(traversal) or just the signaling (non-traversal).
video or audio call that is routed through the Expressway. This includes business-to-business calls, B2BUA
calls, and interworked or gatewayed calls to third-party solutions. The Expressway may take the media
(traversal) or just the signaling (non-traversal).
Audio-only SIP traversal calls are treated distinctly from video SIP traversal calls. Each rich media session
license allows either 1 video call or 2 audio-only SIP traversal calls. Hence, a 100 rich media session license
would allow, for example, 90 video and 20 SIP audio-only simultaneous calls. Any other audio-only call (non-
traversal, H.323 or interworked) will consume a rich media session license.
license allows either 1 video call or 2 audio-only SIP traversal calls. Hence, a 100 rich media session license
would allow, for example, 90 video and 20 SIP audio-only simultaneous calls. Any other audio-only call (non-
traversal, H.323 or interworked) will consume a rich media session license.
Note that:
■
Expressway defines an "audio-only" SIP call as one that was negotiated with a single “m=” line in the SDP.
Thus, for example, if a person makes a “telephone” call but the SIP UA includes an additional m= line in the
SDP, the call will consume a video call license.
Thus, for example, if a person makes a “telephone” call but the SIP UA includes an additional m= line in the
SDP, the call will consume a video call license.
■
While an "audio-only" SIP call is being established, it is treated (licensed) as a video call. It only becomes
licensed as "audio-only" when the call setup has completed. This means that if your system approaches its
maximum licensed limit, you may be unable to connect some "audio-only" calls if they are made
simultaneously.
licensed as "audio-only" when the call setup has completed. This means that if your system approaches its
maximum licensed limit, you may be unable to connect some "audio-only" calls if they are made
simultaneously.
■
The Expressway does not support midcall license optimization.
Deploying Unified CM and Expressway in Different Domains
Unified CM nodes and Expressway peers can be located in different domains. For example, your Unified CM nodes
may be in the
may be in the
enterprise.com
domain and your Expressway system may be in the
edge.com
domain.
In this case, Unified CM nodes must use IP addresses or FQDNs for the Server host name / IP address to ensure that
Expressway can route traffic to the relevant Unified CM nodes.
Expressway can route traffic to the relevant Unified CM nodes.
Unified CM servers and IM&P servers must share the same domain.
36
Mobile and Remote Access Through Cisco Expressway Deployment Guide
Additional Information