Showing results for 
Search instead for 
Did you mean: 

Collaboration Edge questions


Hello, we have a small office running a BE6K.  So far we're using CUCM, IM&P, Unity Connections, and Prime Collab Provisioning.  v10.5.  


We'd like to add Collaboration Edge, so that we can make external video calls with our DX80s.  A couple questions


  1. Our PSTN is just PRIs, so we can use the Internet for external B2B video calls?  Or do I need a SIP trunk?
  2. Will Collaboration Edge also let us do external Jabber?
  3. Do we need to use real certificates, or can we use self-signed (I realize that it will present the security warning with self-signed_



9 Replies 9

Jaime Valencia
Hall of Fame Cisco Employee Hall of Fame Cisco Employee
Hall of Fame Cisco Employee

PRIs or SIP trunks have nothing to do with B2B, you set a connection between the VCSs/EXPs on your end and the ones on the end you're calling.

Yes, CE was primarily built for Jabber and other endpoints to register from outside the network

If you want to make your life easier in the long run, yes, use CA signed certs, next best option would be your internal CA, and last option to use the self-signed from each server. But we strongly recommend using CA signed certs to avoid all the overhead required by not using them.

You probably want to reach out to a reputable Cisco Partner so they can assist you with this.



if this helps, please rate

Martin Koch

What do you think of doing, external calls to external partners or internal calls, like home office towards your office?

Expressway and collaboration edge can have multiple functions, or support them, like

* business to business (b2b) internet calls

* mobile remote access (mra) over the top / over the internet connection of internal devices

* jabber guest


1) video and business to business uri calls only utilize IP = internet connectivity, so no PRI lines get harmed, I would assume you do not use a dial up internet connection ;-)

Depending on the video quality you expect you should have 384 to 2048 (would recommend at least  1mbit/s for a call) bandwidth available

2) yes, you can have users from your organization using Jabber on the internet connected via MRA through the expressway and you can also connect to other organizations via Jabber through your expressway (XMPP federation)

3) It is highly recommended. Especially if your organization uses BYOD you will not get around that, its also not that expensive,so I do not really see any reason why not properly deploy it.

Please remember to rate helpful responses and identify

Thank you both, very helpful! +5

I've started the process going to get certs.  And we've got a nice 50mb/s fiber circuit, so we're okay there.

Our BE6K came with most applications pre-installed, but not Expressway E/C, so that's my first task.  So far I've been reading this good blog I found and of course the Cisco install guide.

But I just wanted to confirm my deployment model.  I use the same OVA twice.  Once as Expressway E in my DMZ, and once as Expressway C internally.  


Jaime Valencia
Hall of Fame Cisco Employee Hall of Fame Cisco Employee
Hall of Fame Cisco Employee

Yes, you're actually going to install 2 VCSs, then you turn them into EXP-C and EXP-E via the option keys you will install on them.



if this helps, please rate

yes, its the vcs ova and you add the option keys to make it what you need (Expressway -C / -E)


MRA will then work with it out of the box, b2b calls require RMA licenses, ask your Cisco Partner to get some.
I think it should be possible to get a time limited trial license on these keys as well.


There are also plenty Cisco guides



Also check out the mid market CVD guides, they might map exactly what you do:







Please remember to rate helpful responses and identify

And btw, also check out various of forum posts here regards deploying Expressway -E (or VCS-E).


You should know how you place your networks and configure your firewalls.


The Expressway-C could be in the same network as the CUCM.


In between your -C and -E should be a firewall and the -E can have to interfaces, one

for the internal DMZ and one for the outside network, either directly with a public ip

or in an other DMZ with 1:1 NAT for specific ports.


Check out:

Please remember to rate helpful responses and identify

Yep we already have our RMA licenses.

Thanks for the firewall traversal guide, very helpful.

The C device will be on our CUCM subnet. But for E I was planning on a single interface in my DMZ, and then use a public NAT.  Is the two interface method preferred? 

If you use one IP with NAT also the Expressway-C needs to connect to the external outside NAT ip of the Expressway-E

I had seen some firewall admins which had more trouble offering that, than using two interfaces with some additional transfer/dmz net.

Both work fine but you have to understand the traffic flow

Please remember to rate helpful responses and identify

And if you ask I would use

* interface 1 for the internal dmz

* interface 2 for the internet access with NAT

thats better if you want to extend it later on to a cluster.

Please remember to rate helpful responses and identify

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: