Showing results for 
Search instead for 
Did you mean: 

Cisco Expressway mobile collaboration without a separate VPN client

Andy Johnston
Cisco Employee
Cisco Employee

Take a look at this blog post and let me know what you think. 

Now that administrators will have a choice, when would you allow mobile workers to connect to their collaboration services from outside the firewall via a secure TLS-connection? 

And when would you want them to connect via a layer 3 VPN client such as Cisco AnyConnect?

Are there situations where both are needed?

67 Replies 67

Joshua Warcop
Level 5
Level 5

Cisco Collaboration Edge architecture is purely for collaboration endpoints such as TelePresence, Phones, Jabber, H.323/SIP endpoints, Jabber Guest.  Ideally all collaboration endpoints will connect through Expressway.

You'll still need AnyConnect to connect into the corporate network to access IPv4 resources unless you have deployed a NAT64 tunneling solution.

Both are still needed to provide an "office chair" user experience.

The only phone supported is DX650 and that's on the roadmap

None of the other models of phones are supported and there is no committed dates



Expressway is designed specifically not to need a VPN tunnel.  You would set up a DNS with your Service Provider to point to your Expressway in the DMZ.  As long as the device you are using to connect to the Expressway has access to the Internet it should be able to reach your Expressway and thus communicate with the internal devices on the other end.

That being said traditional endpoints, "phones," would still have to VPN into your internal network first because they would have to register with either CUCM or VCS.  As jwarcop above has already stated Expressway is specifically for collaboration endpoints such as Jabber.

EExpressway supports jabber and TC endpoints but that doesn't mean it shouldn't have supported regular phone endpoints but tahrs a topic for another day. Cube is taking that place for phones in place of Asa pp feature or phone VPN which is still there but has limited endpoint support

Srini and All,

Can you point me to a design document for end to end collaboration. Aim of this set-up is to allow Jabber client running on all the end user endpoints (iPAD,iPhone,Android device,LapTop, Samsung Glaxy Notebook) using which any enterprise user can use corporate infrastructure for inbound/outbound telephone calls, IM/Presence without using a separate VPN client or don't have to worry about installing a dedicated client for Audio/Video or IM/Presence.

The PoC set-up topology look like as stated below :

Jabber UNIFIED Client ----->Internet ---->Internet FW----->VCS_Expressway_8.1E----->Internal FW----->Application Segment(VCS-ExpresswayC) ----> CUCM Servers---->IPT Servers-----> Enterprise Phone/Video End points

Q) Looking towards clarity on Positioning of Expressway E , FQDN , DNS entry and clarity on call path in detail

Q) Clarity on Firewall port end to end. I was going through the document

"Cisco Expressway X8.1-D15066.01 December 2013" but not able to find out what will be the firewall rule for communication between VCS Expressway E and C?

If my question is a repeat then please point me to the right document.

Thanks for your kind attention.



any idea as to when the DX650 would be supported? i saw a new firmware out sept 18th but i didnt pickup anything for collab edge

thanks in advance

Hello there! Happy to share with you that the option for Expressway on the DX Series is on our short term roadmap. Stay tuned in the coming months   This feature will definitely be included in our next release for the DX Series. Happy collaborating!


When will see this make their way into other endpoints like 8800 series or even 7800? Any chance with 9900 series?

I realize it won’t happen with 7900 series


Definitely on the roadmap for CY15 for 7800 and 8800 Series as a known priority item - but don't have timeline locked down from BU yet to offer at this point. BU working through those details.

9900 Series and 7900 Series - no discussions on either series that am aware of.

Kirk McNeill


Thank you Kirk


what about the DX70 and 80.....are these supported for collaboration edge?