Remote-access Guide

cisco expressway mobile and remote access 8.10

by Keven Krajcik Published 2 years ago Updated 2 years ago
image

What is the latest release of the Cisco Expressway deployment guide?

Mobile and Remote Access via Cisco Expressway Deployment Guide (X8.10) Mobile and Remote Access Through Cisco Expressway Deployment Guide First Published: April 2014 Last Updated: September 2018 Cisco Expressway X8.10 CiscoSystems,Inc.     www.cisco.com

How do I enable automated intrusion protection in Expressway-c?

See Automated Intrusion Protection, page 1. Enabling the Expressway-C for Mobile and Remote Access To enable Mobile and Remote Access functionality: 1.Go to Configuration > Unified Communications > Configuration. 2.Set Unified Communications mode to Mobile and Remote Access. 3.Click Save.

Does Expressway support Cisco Jabber mobile and remote access?

■Expressway is already providing Mobile and Remote Access for Cisco Jabber.  ■All other devices in the call flow are similarly enabled.  ■You have the following minimum product versions installed, or later:  —Expressway X8.10.1 (preview status only in X8.10)

How to enable the expressway-C for mobile and remote access functionality?

Enabling the Expressway-C for Mobile and Remote Access To enable Mobile and Remote Access functionality: 1.Go to Configuration > Unified Communications > Configuration. 2.Set Unified Communications mode to Mobile and Remote Access. 3.Click Save.

image

What is Cisco Mobile Remote Access?

The Cisco Mobile and Remote Access (MRA) feature is a “client edge” solution that allows external software and hardware clients to register to enterprise Cisco Unified Communication (UC) solutions without requiring a VPN.

What is the purpose of mobile and remote access MRA in the Cisco CUCM architecture?

The Mobile and Remote Access solution (MRA) supports a hybrid on-premises and cloud-based service model. This provides a consistent experience inside and outside the enterprise. MRA provides a secure connection for Jabber application traffic without having to connect to the corporate network over a VPN.

What is Cisco Expressway C and E?

Cisco Expressway is designed specifically for comprehensive collaboration services. It features established firewall-traversal technology and helps redefine traditional enterprise collaboration boundaries, supporting our vision of any-to-any collaboration.

What is Cisco expressway used for?

Cisco Expressway is a powerful gateway solution specifically designed for comprehensive collaboration services provided through Cisco Unified Communications Manager, Cisco Business Edition, or Cisco Hosted Collaboration Solution (HCS).

What are MRA phones?

Basically, MRA (Cisco Unified Communications Mobile and Remote Access) allows endpoints such as Cisco Jabber to have their registration, call control, provisioning, messaging and presence services provided by CUCM when the endpoint is outside the enterprise network.

How do you set up an MRA?

0) - MRA Configuration [Cisco Expressway Series] - Cisco....ProcedureOn the Expressway-C, go to Configuration > Unified Communications > Configuration.Set Unified Communications mode to Mobile and Remote Access.Click Save.Repeat this procedure on Expressway-E.

What is the difference between Expressway C and E?

The Expressway-C is configured with DNS servers which are located on the internal network. The Expressway-E is configured with DNS servers which are publicly routable.

What is Expressway in VOIP?

Cisco Expressway offers users outside your firewall simple, highly secure access to all collaboration workloads, including video, voice, content, IM, and presence. Collaborate with people who are on third-party systems and endpoints or in other companies.

How do I log into Cisco Expressway?

Open a browser window and in the address line type one of the following: • IP address of the Cisco Expressway (for example, https://10.0.0.1). Enter the address as HTTPS. FQDN of the Cisco Expressway (for example, https://mydomain.example.com).

What are two functions of Cisco expressway in the collaboration edge?

A. Expressway-C provides encryption for Mobile and Remote Access but not for business-to-business communications. B. Expressway-E provides a VPN entry point for Cisco IP phones with a Cisco AnyConnect client using authentication based on certificates.

Which two functionalities does Cisco Expressway provide in the Cisco collaboration architecture?

NetworkingAssurance and Insights.Storage networking.

What is Cisco VCS Expressway?

The VCS Expressway is a SIP Registrar & Proxy and H. 323 Gatekeeper for devices which are located outside the internal network (for example, home users and mobile worker registering across the internet and 3rd party businesses making calls to, or receiving calls from this network).

What does Cisco Unified Communications Manager do?

CUCM is responsible for digit analysis of all calls. CUCM enables users to create scalable dial plans. Phone feature administration: CUCM extends services such as hold, transfer, forward, conference, speed dial, redial, call park, and many other features to IP phones and gateways.

How does Cisco Unified Communications Manager work?

CUCM uses SIP or SCCP to communicate with Cisco IP Phones for call setup and teardown and for supplementary service tasks. After a call has been set up, media exchange occurs directly between the Cisco IP Phones across the IP network, using the Real-Time Transport Protocol (RTP) to carry the audio.

What is the difference between CUCM publisher and subscriber?

The publisher verifies the subscriber's authenticity and adds the subscriber's IP address to its dynamic firewall (iptables). The subscriber is allowed to access the publisher database. The database content is replicated from the publisher to the subscriber.

What are network services and feature services What is the difference between them?

To avoid throwing errors only the needed feature services are activated (i.e. allowed to start). Network services are non-optional services for that product: they are required in all deployment scenarios. You have no ability to prevent them from starting but are able to stop/start/restart them.

What is off-premises access?

Off-premises access: a consistent experience outside the network for Jabber and EX/MX/SX Series clients

Can a third party SIP device register to Expressway C?

Third-party SIP or H.323 devices can register to the Expressway-C and, if necessary, interoperate with Unified CM -registered devices over a SIP trunk.

Does MRA require Expressway?

Any MRA solution requires Expressway and Unified CM, with MRA-compatible soft clients and/or fixed endpoints. The solution can optionally include the IM and Presence Service and Unity Connection. This guide assumes that the following items are already set up:

What is Expressway E certificate?

The Expressway-E server certificate is used. Jabber verifies the hostname returned in the SRV record response matches the hostname in the certificate.

How many SRV records are required for Expressway E?

The customer domain is used in the SRV record, and one SRV record is required per customer domain sharing the Expressway-E. All Expressway-E nodes in the cluster are listed in the SRV record for load balancing.

How to deploy 88xx phone?

To deploy 88xx phones in a multitenant Expressway environment without using domain-specific certificates, the user enters a service provider-specified subdomain value on the phone's welcome screen prompt. This technique works for 88xx phones with and without the SNI enhancement described in the previous section. The advantage to this approach is that the service provider does not need to manage per-domain certificates. The disadvantage is that the user must be instructed to enter a domain value other than their normal enterprise domain.

Does Expressway E support SNI?

Prior to X8.10, Expressway-E does not support SNI. It always returns the server certificate, which is the only certificate installed on Expressway-E. X8.10 adds domain certificates feature so Expressway-E now supports SNI. Admin may upload one (and only one) certificate per customer domain. Expressway locates and returns a certificate whose subject name matches the client's SNI request. During the TLS handshake, if a client TLS ClientHello request has SNI option set, Expressway-E searches its certificate store to locate a certificate whose subject name matches the SNI server hostname. The store contains both server certificate and all domain certificates. If a match is found, the certificate is returned to the client and the TLS handshake continues. Otherwise, Expressway-E either returns the server certificate for a HTTPS connection, or rejects the connection with a TLS Error #112 "Unrecognized Name" for SIP and XMPP connections. For endpoints that do not support SNI, they do not set the SNI option in a ClientHello request. In this case, the Expressway-E responds with the server certificate.

Does Expressway generate domain CSRs?

The Expressway can generate domain CSRs. This removes the need to use an external mechanism to generate and obtain certificate requests.

Does Expressway E enforce hostname?

With domain certificate feature support in X8.10, Expressway-E now enforce the certificate hostname check during the TLS handshake for SNI-capable endpoints. Thus, admin must upload proper certificates for customer domains. Prior to 8.10, Expressway-E always returned the server certificate during the TLS handshake. From version X8.10 forward, if a certificate match is not found for the specific SNI hostname, Expressway-E rejects the connection with error #112 for SIP and XMPP connections.

image
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9