05-23-2018 06:14 AM - edited 03-17-2019 07:32 PM
Hello,
We are using MRA with expressway version 8.10.4 and everything are working well. The problem is that when we switch ip-phones to secure profile, calls between jabber and phones doesn’t have media, but signaling is ok.
CUCM (11.5) is working in mixed-mode and we exchanged certificates between cucm and exp-c. It should be noted that CUCM is using self-sign certificates and expressways get certificates from a CA.
anyone can help us?
Thanks.
Solved! Go to Solution.
05-23-2018 12:24 PM
Hi there
Assuming both CUCM and Expressway can trust each other. Any firewall restrictions in middle. Wireshark could be a best bet.
Also try checking SRTP Allowed on the SIP trunk from CUCM to Expressway.
Hope this helps!
Cheers
Rath!
***Please rate helpful posts***
05-23-2018 12:24 PM
Hi there
Assuming both CUCM and Expressway can trust each other. Any firewall restrictions in middle. Wireshark could be a best bet.
Also try checking SRTP Allowed on the SIP trunk from CUCM to Expressway.
Hope this helps!
Cheers
Rath!
***Please rate helpful posts***
05-27-2018 07:01 AM
Thanks Dear Cisco Rath! for your attention
Just to ensure, I uploaded Exp-C’s Root CA in CUCM as a Call Manager-Trust and CUCM’s “Cisco_Root_CA” in EXP-C. Is it done right?
Based on below link, I routed the calls by line-side to cucm Not trunk-side.
https://www.cisco.com/c/en/us/support/docs/unified-communications/telepresence-video-communication-server-vcs/118877-config-vcs-00.html
How can I ensure that cucm and exp can trust each other ?
Sincerely
05-28-2018 06:25 PM
Hi there
Yes, For Unified CM and Expressway to establish a TLS connection with each other:
In Expressway and Unified CM must both have valid server certificates loaded (you must replace the Expressway's default server certificate with a valid server certificate).
In Expressway must trust Unified CM’s server certificate (the root CA of the Unified CM server certificate must be loaded onto Expressway) n Unified CM must trust Expressway’s server certificate (the root CA of the Expressway server certificate must be loaded onto Unified CM)
Hope this Helps
Cheers
Rath!
***Please rate helpful posts***
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide