Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Setting up secure VCS traversal zones
To support Unified Communications features such as mobile and remote access, there must be a secure
traversal zone connection between the VCS Control and the VCS Expressway:
traversal zone connection between the VCS Control and the VCS Expressway:
n
The traversal client zone and the traversal server zone must be configured to use SIP TLS with TLS verify
mode set to On, and Media encryption mode must be Force encrypted.
mode set to On, and Media encryption mode must be Force encrypted.
n
Both VCSs must trust each other's server certificate. As each VCS acts both as a client and as a server
you must ensure that each VCS’s certificate is valid both as a client and as a server.
you must ensure that each VCS’s certificate is valid both as a client and as a server.
n
If a H.323 or a non-encrypted connection is required, a separate pair of traversal zones must be configured.
To set up a secure traversal zone, configure your VCS Control and VCS Expressway as follows:
1. Go to
Configuration > Zones > Zones
.
2. Click New.
3. Configure the fields as follows (leave all other fields with default values):
VCS Control
VCS Expressway
Name
"Traversal zone" for example
"Traversal zone" for example
Type
Traversal client
Traversal server
Username
"exampleauth" for example
"exampleauth" for example
Password
"ex4mpl3.c0m" for example
Click Add/Edit local authentication database,
then in the popup dialog click New and enter
the Name ("exampleauth") and Password
("ex4mpl3.c0m") and click Create credential.
then in the popup dialog click New and enter
the Name ("exampleauth") and Password
("ex4mpl3.c0m") and click Create credential.
H.323 Mode
Off
Off
SIP
section
Mode
On
On
Port
7001
7001
Transport
TLS
TLS
Unified
Communications
services
Communications
services
Yes
Yes
TLS verify mode
On
On
TLS verify subject
name
name
Not applicable
Enter the name to look for in the traversal
client's certificate (must be in either the Subject
Common Name or the Subject Alternative
Name attributes). If there is a cluster of traversal
clients, specify the cluster name here and
ensure that it is included in each client's
certificate.
client's certificate (must be in either the Subject
Common Name or the Subject Alternative
Name attributes). If there is a cluster of traversal
clients, specify the cluster name here and
ensure that it is included in each client's
certificate.
Media encryption
mode
mode
Force encrypted
Force encrypted
Authentication
section
Cisco VCS Administrator Guide (X8.1.1)
Page 74 of 507
Unified Communications
Configuring mobile and remote access on VCS