Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1143
Views
0
Helpful
4
Replies

I need to configure a 7821 for a remote worker through a Sonic firewall to an expressway server

ppellettiere
Level 1
Level 1

‎11-01-2017 01:00 PM - edited ‎03-17-2019 11:31 AM

I need to configure a 7821 for a remote worker through a Sonic firewall to an Expressway server.

Do I have to configure anything on the Phone prior to connect it to the firewall?

How does the phone route to the expressway server from the firewall/VPN ?

 

Thanks,

Pete

Labels:
0 Helpful
4 Replies 4

Rajan
VIP Alumni
VIP Alumni

‎11-01-2017 11:38 PM

Hi Pete,

WIth expressway solution, the expressway servers itself provides the firewall traversal to the internal network, i dont think you need to go through another firewall. You can hardcode the TFTP server IP address on the phone and you might need to connect the phone first in the internal network if it has not got the required certificates and then move it to the remote location.

HTH
Rajan
Pls rate all helpful posts
0 Helpful

Mohammed al Baqari
Level 11
Level 11

‎11-02-2017 12:36 AM

Hi,

 

You need to allow the following port list through your sonic wall.

 

https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-9/Cisco-Expressway-IP-Port-Usage-for-Firewall-Traversal-Deployment-Guide-X8-9-2.pdf

 

You need to make sure that you are running firmware 11.5(1) on the phone. If not, then connect your phone to cucm environment to upgrade the phone firmware.

 

You need to make sure that your expressway is signed by a CA that is listed in 7821 trusted CAs. See the trusted CAs below.

 

https://www.cisco.com/c/en/us/support/collaboration-endpoints/unified-ip-phone-7800-series/products-technical-reference-list.html

 

Once the phone boots it will ask for the service domain and from their will discover expressway and connect to it. If you got your expressway working for jabber then your expressway/cucm config should be good to go.

 

 

 

0 Helpful

ShaheerEP5682
Level 1
Level 1
In response to Mohammed al Baqari

‎11-26-2021 09:25 AM

Could you please guide me in detail.

 

Currently, my environment have expressway solution and Jabber is working fine remotely.

but it’s not signed by CA.

still can I use Ip phone to register from external?

what are the mandatory requirements to get it done or please provide the steps to make Ip phone register from home.

 

Thank You in Advance…

0 Helpful

Jaime Valencia
Cisco Employee
Cisco Employee
In response to ShaheerEP5682

‎11-26-2021 11:11 AM

The MRA configuration contains the steps for both, Jabber and IP Phones, that's the document you need to review.

It's mandatory to have the EXP-E signed by a public CA from the ones listed here:

https://www.cisco.com/c/en/us/support/collaboration-endpoints/unified-ip-phone-8800-series/products-technical-reference-list.html

 

The phones only have those CAs in the trust list, anything not in the list will not work.

HTH

java

if this helps, please rate
0 Helpful
Customers Also Viewed These Support Documents