02-02-2020 08:18 AM
Hoping someone can help me out with this.
I am attempting to directly register SIP endpoints to the an expressway-C and it fails. In the logs I am seeing an inbound TLS negotiation error with details stating unknown protocol. Can anyone assist in helping to break down why I am seeing this.
Endpoint is Cisco EX60. Expressway is running in fips mode. I have uploaded CA certs to the endpoint that signed the expressway-C cert but without any luck.
Any one seen the a error similar to the one below or in point in the correct direction to tshoot. I have sanitize the info for other field.
Solved! Go to Solution.
02-04-2020 05:20 PM
The EX60 is a very old device, and goes fully End of Support in a few months time (30 June 2020), so I'd start by recommending that you start looking at replacing those old systems with something newer and supportable.
But, to go in to your issue a bit more - what software version are you running on Expressway-C and the EX60? If the EX is running very old software, this may not be helping your troubleshooting. The current software version for an EX at the date of this post is TC7.3.20 - many of the older versions have been deferred due to a high impact security issue.
Your TLS issue may be certificate related, or DNS related. I'd suggest you go back through the Cisco Expressway Certificate Creation And Use Deployment Guide and double check what you have configured in your environment against this.
Please remember to mark helpful responses and to set your question as answered if appropriate.
02-04-2020 05:20 PM
The EX60 is a very old device, and goes fully End of Support in a few months time (30 June 2020), so I'd start by recommending that you start looking at replacing those old systems with something newer and supportable.
But, to go in to your issue a bit more - what software version are you running on Expressway-C and the EX60? If the EX is running very old software, this may not be helping your troubleshooting. The current software version for an EX at the date of this post is TC7.3.20 - many of the older versions have been deferred due to a high impact security issue.
Your TLS issue may be certificate related, or DNS related. I'd suggest you go back through the Cisco Expressway Certificate Creation And Use Deployment Guide and double check what you have configured in your environment against this.
Please remember to mark helpful responses and to set your question as answered if appropriate.
02-05-2020 06:15 AM
Wayne you are spot on and actually I forgot to update this case before you replied.
Basically certs were accepted TLS methods were not.
EX60 where only used because it what I had in lab for testing. Lab needs an update but not a huge lab budget.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide