Remote-access Guide

Mobile and Remote Access Through Cisco Expressway

by Lon Herzog MD Published 2 years ago Updated 1 year ago

What is mobile and remote access?

The Mobile and Remote Access solution (MRA) supports a hybrid on-premises and cloud-based service model. This provides a consistent experience inside and outside the enterprise. MRA provides a secure connection for Jabber application traffic without having to connect to the corporate network over a VPN.

What is Cisco expressway used for?

Cisco Expressway Series (Expressway) is designed specifically for comprehensive collaboration services. It features established firewall-traversal technology and helps to redefine traditional enterprise collaboration boundaries, to support our Cisco vision of any-to-any collaboration.

What is an MRA phone?

It is a device and operating system agnostic solution for Cisco Jabber clients on Windows, Mac, iOS and Android platforms. MRA allows Jabber clients that are outside the enterprise to do the following: Use Instant Messaging and Presence services. Make voice and video calls.

What is Cisco Expressway C and E?

The Expressway acts as a Unified Communications gateway for third-party devices and for mobile and remote access. Or you can register directly to the Cisco Expressway-C. To configure the Expressway for Unified Communications services, see Mobile and Remote Access via Cisco Expressway Deployment Guide on.

What is Cisco Webex Expressway?

Cisco Expressway is a powerful gateway solution specifically designed for comprehensive collaboration services provided through Cisco Unified Communications Manager, Cisco Business Edition, or Cisco Hosted Collaboration Solution (HCS).

What are two functions of Cisco expressway in the collaboration edge?

A. Expressway-C provides encryption for Mobile and Remote Access but not for business-to-business communications.
B. Expressway-E provides a VPN entry point for Cisco IP phones with a Cisco AnyConnect client using authentication based on certificates.

How do you set up an MRA?

From the video "Expressway MRA Basic Configuration" (YouTube): Let's start in the expressway CE and go to configuration domains. Let's add the SIP domain that's going to be used for MRA. Click new and type in the domain name, and then click create domain.

What is Cisco Expressway edge?

Cisco Expressway-Edge is another name for VCS-Expressway. Same exact software. Expressway-Edge is a VCS-Expressway that is deployed as a Mobile and Remote Access proxy only.

What is Cisco Expressway core?

Cisco Expressway consists of two servers. The core server, known as Expressway-C, sits inside the network and acts as a firewall traversal client. The second server, Expressway-E, is on the edge of your network and is the only point of access to the public Internet.

How do I log into Cisco Expressway?

To log into the web user interface: 1. Open a browser window and in the address line type one of the following: • IP address of the Cisco Expressway (for example, https://10.0.0.1). Enter the address as HTTPS. FQDN of the Cisco Expressway (for example, https://mydomain.example.com).

What is the difference between VCS and expressway?

The VCS series is better suited for customers who use video communication only and have no need to support voice over IP phones and other voice related services. The Expressway series, on the other hand, is more suited for customers who need to support voice over IP phones or other voice related services.

What is Expressway C?

Expressway-C automatically generates non-configurable neighbor zones between itself and each discovered Unified CM node. A TCP zone is always created, and a TLS zone is also created if the Unified CM node is configured with a Cluster Security Mode (System > Enterprise Parameters > Security Parameters) of 1 (Mixed), so that it can support devices provisioned with secure profiles. The TLS zone is configured with its TLS verify mode set to On if the Unified CM discovery had TLS verify mode enabled. This means that the Expressway-C will verify the CallManager certificate for subsequent SIP communications. Each zone is created with a name in the format 'CEtcp-<node name>' or 'CEtls-<node name>'.

What is SIP OAuth mode?

SIP OAuth Mode is recommended if you want secure SIP line signaling and your system supports it.

Does Cisco accept responsibility for SAML 2.0?

Cisco cannot accept responsibility for any errors, limitations, or specific configuration of the IdP. Although Cisco Collaboration infrastructure may prove to be compatible with other IdPs claiming SAML 2.0 compliance, only the following IdPs have been tested with Cisco Collaboration solutions: OpenAM 10.0.1.

Can multiple MRA users use the same IP address?

If you have multiple MRA users using the same IP address (for example, if you have multiple MRA users behind a NAT with the same public IP address), automated intrusion protection may trigger due to all of the traffic from the same IP address. In this case, configure an exemption on the IP address.

Do Expressway C and E trust each other?

Make sure that Expressway-C and Expressway-E trust each other's certificates. As each Expressway acts both as a client and as a server, you must ensure that each Expressway's certificate is valid both as a client and as a server. For detailed information on certificate exchange requirements, see Certificate Requirements.

Does Cisco Expressway use SAML?

From X12.5, Cisco Expressway supports using a single, cluster-wide metadata file for SAML agreement with an IdP. Previously, you had to generate metadata files per peer in an Expressway-C cluster (for example, six metadata files for a cluster with six peers). For the cluster-wide option, run this procedure on the Expressway-C primary peer.

What is Expressway CSR?

The Expressway certificate signing request (CSR) tool prompts for and incorporates the relevant subject alternate name (SAN) entries as appropriate for the Unified Communications features that are supported on that Expressway.

What is a mobile and remote access solution?

The mobile and remote access solution supports a hybrid on-premises and cloud-based service model, providing a consistent experience inside and outside the enterprise. It provides a secure connection for Jabber application traffic without having to connect to the corporate network over a VPN. It is a device and operating system agnostic solution for Cisco Jabber clients on Windows, Mac, iOS and Android platforms.

How does Jabber verify the identity of Expressway E?

Jabber clients must verify the identity of the Expressway-E they are connecting to by validating its server certificate. To do this, they must have the certificate authority that was used to sign the Expressway-E's server certificate in their list of trusted CAs.

What is Cisco Unified Communications?

Cisco Unified Communications mobile and remote access is a core part of the Cisco Collaboration Edge Architecture. It allows endpoints such as Cisco Jabber to have their registration, call control, provisioning, messaging and presence services provided by Cisco Unified Communications Manager (Unified CM) when the endpoint is not within the enterprise network. The Expressway provides secure firewall traversal and line-side support for Unified CM registrations.

What is diagnostic log in Expressway?

The diagnostic logging tool in Expressway can be used to assist in troubleshooting system issues. It allows you to generate a diagnostic log of system activity over a period of time, and then to download the log.

Why do I need to associate a domain with an IDP?

You need to associate a domain with an IdP if you want the MRA users of that domain to authenticate via the IdP. The IdP adds no value until you associate at least one domain with it.

Why does a high volume of calls trigger denial of service thresholds on unified CM?

This is because all the calls arriving at Unified CM are from the same Expressway-C (cluster).

How does the Expressway work?

The Expressway can limit the number of times that any user's credentials can be used, in a given configurable period, to authorize the user for collaboration services. This feature is designed to thwart inadvertent or real denial of service attacks, which can originate from multiple client devices authorizing the same user, or from clients that reauthorize more often than necessary.

What are the two certificates for Cisco Unified Communications Manager?

The two Cisco Unified Communications Manager certificates that are significant for Mobile and Remote Access are the CallManager certificate and the tomcat certificate. These are automatically installed on the Cisco Unified Communications Manager and by default they are self-signed and have the same common name (CN). We recommend using CA-signed certificates for best end-to-end security between external endpoints and internal endpoints. However, if you do use self-signed certificates, the two certificates must have different common names. This is because the Expressway does not allow two self-signed certificates with the same CN. If the CallManager and tomcat self-signed certs have the same CN in the Expressway's trusted CA list, then it can only trust one of them. This means that either secure HTTP or secure SIP, between Expressway-C and Cisco Unified Communications Manager, will fail.
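
An added example (not from Cisco's documentation or from this page's sources): a POSIX shell audit using the openssl CLI for the two certificate conditions described above, namely self-signed certificates that share a CN in a trust directory, and a certificate that is not valid both as a client and as a server. The file names, the CNs and the strict handling of a missing Extended Key Usage extension are assumptions of this example.

```shell
#!/bin/sh
# Added example. File names and CNs below are constructed sample values.

# Subject CN of a PEM certificate.
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
}

# True when subject and issuer names hash identically (self-signed).
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# True when the Extended Key Usage lists both server and client authentication.
# Assumption: a certificate with no EKU extension is reported as failing.
valid_client_and_server() {
  text=$(openssl x509 -in "$1" -noout -text) || return 1
  printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' &&
    printf '%s\n' "$text" | grep -q 'TLS Web Client Authentication'
}

# CNs carried by more than one self-signed certificate in a trust directory,
# i.e. the CallManager/tomcat collision.
duplicate_self_signed_cns() {
  for f in "$1"/*.pem; do
    if is_self_signed "$f"; then cert_cn "$f"; fi
  done | sort | uniq -d
}

# Generate a throwaway self-signed certificate (constructed test data).
make_cert() {  # make_cert <out.pem> <CN> <EKU list>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -addext "extendedKeyUsage=$3" -keyout "${1%.pem}.key" -out "$1" 2>/dev/null
}

d=$(mktemp -d)
make_cert "$d/callmanager.pem" cucm-pub.example.com serverAuth,clientAuth
make_cert "$d/tomcat.pem" cucm-pub.example.com serverAuth
make_cert "$d/expe.pem" expe.example.com serverAuth,clientAuth
echo "Self-signed CN collisions: $(duplicate_self_signed_cns "$d")"
for f in "$d"/*.pem; do
  if valid_client_and_server "$f"; then r=ok; else r="missing client or server EKU"; fi
  echo "$(basename "$f"): $r"
done
rm -rf "$d"
```

Point duplicate_self_signed_cns at a directory of exported trusted CA certificates in PEM form; any CN it prints belongs to more than one self-signed certificate.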

What is deployment in a network?

A deployment is an abstract boundary used to enclose a domain and one or more Unified Communications service providers (such as Unified CM, Cisco Unity Connection, and IM and Presence Service nodes). The purpose of multiple deployments is to partition the Unified Communications services available to Mobile and Remote Access (MRA) users, so different subsets of MRA users can access different sets of services over the same Expressway pair. We recommend that you do not exceed ten deployments.

What is Expressway C?

The Expressway-C must be configured with the address details of the Unified Communications services/nodes that are going to provide registration, call control, provisioning, voicemail, messaging, and presence services to MRA users.

Why does my Expressway call fail?

Call failures can occur if the traversal zones on Expressway are configured with an Authentication policy of Check credentials. Ensure that the Authentication policy on the traversal zones used for Mobile and Remote Access is set to Do not check credentials.
