Cisco Cisco TelePresence Video Communication Server Expressway
Unified CM servers and IM&P servers must share the same domain.
SIP trunks between Unified CM and VCS Control
VCS deployments for mobile and remote access do not require SIP trunk connections between Unified CM
and VCS Control. Note that the automatically generated neighbor zones between VCS Control and each
discovered Unified CM node are not SIP trunks.
and VCS Control. Note that the automatically generated neighbor zones between VCS Control and each
discovered Unified CM node are not SIP trunks.
However, you may still configure a SIP trunk if required (for example, to enable B2B callers or endpoints
registered to VCS to call endpoints registered to Unified CM).
registered to VCS to call endpoints registered to Unified CM).
If a SIP trunk is configured, you must ensure that it uses a different listening port on Unified CM from that
used for SIP line registrations to Unified CM. An alarm is raised on VCS Control if a conflict is detected.
used for SIP line registrations to Unified CM. An alarm is raised on VCS Control if a conflict is detected.
Configuring line registration listening ports on Unified CM
The listening ports used for line registrations to Unified CM are configured via
System > Cisco Unified CM
.
The SIP Phone Port and SIP Phone Secure Port fields define the ports used for TCP and TLS connections
respectively and are typically set to 5060/5061.
respectively and are typically set to 5060/5061.
Configuring SIP trunk listening ports
The ports used for SIP trunks are configured on both Unified CM and VCS.
On Unified CM:
1. Go to
System > Security > SIP Trunk Security Profile
and select the profile used for the SIP trunk.
If this profile is used for connections from other devices, you may want to create a separate security
profile for the SIP trunk connection to VCS.
profile for the SIP trunk connection to VCS.
2. Configure the Incoming Port to be different from that used for line registrations.
3. Click Save and then click Apply Config.
On VCS:
1. Go to
Configuration > Zones > Zones
and select the Unified CM neighbor zone used for the SIP trunk.
(Note that the automatically generated neighbor zones between VCS Control and each discovered
Unified CM node for line side communications are non-configurable.)
Unified CM node for line side communications are non-configurable.)
2. Configure the SIP Port to the same value as the Incoming Port configured on Unified CM.
3. Click Save.
for more information about configuring a SIP trunk.
Configuring secure communications
This deployment requires secure communications between the VCS Control and the VCS Expressway, and
between the VCS Expressway and endpoints located outside the enterprise. This involves the mandating of
encrypted TLS communications for HTTP, SIP and XMPP, and, where applicable, the exchange and
checking of certificates. Jabber endpoints must supply a valid username and password combination, which
will be validated against credentials held in Unified CM. All media is secured over SRTP.
between the VCS Expressway and endpoints located outside the enterprise. This involves the mandating of
encrypted TLS communications for HTTP, SIP and XMPP, and, where applicable, the exchange and
checking of certificates. Jabber endpoints must supply a valid username and password combination, which
will be validated against credentials held in Unified CM. All media is secured over SRTP.
VCS Control automatically generates non-configurable neighbor zones between itself and each discovered
Unified CM node. A TCP zone is always created, and a TLS zone is created also if the Unified CM node is
configured with a Cluster Security Mode (
Unified CM node. A TCP zone is always created, and a TLS zone is created also if the Unified CM node is
configured with a Cluster Security Mode (
System > Enterprise Parameters > Security Parameters
) of 1
Unified Communications Mobile and Remote Access via Cisco VCS Deployment Guide (X8.6)
Page 42 of 55
Additional information