Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
913
Views
0
Helpful
5
Replies

SX20 via MRA secure profile

Go to solution
balmain99
Level 1
Level 1

‎09-02-2016 08:50 PM - edited ‎03-18-2019 06:20 AM

Hello,

Is it a requirement to have SX20 registered in Callmanager with secure profile first before before moving it outside with MRA?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎09-03-2016 05:24 PM

The secure profiles are only required if you are using mixed mode and want secure communication as well when using MRA, if not, you'll only secure communication between the endpont and EXP-E, and internally it will be just SIP and RTP.

HTH

java

if this helps, please rate

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎09-03-2016 05:24 PM

The secure profiles are only required if you are using mixed mode and want secure communication as well when using MRA, if not, you'll only secure communication between the endpont and EXP-E, and internally it will be just SIP and RTP.

HTH

java

if this helps, please rate
0 Helpful

Go to solution
nuinoahmed
Level 1
Level 1
In response to Jaime Valencia

‎09-05-2016 03:59 AM

Hi Jaime,

I have probably same question as balmain99.  Your explanation above is clear but what I want also to clarify is if I have an out of the box SX20.  Can I just configure it via MRA and use Secure profile with no need to first register the endpoint to CUCM (Not via MRA) with secure profile.  Once this is successful you can only then register it via MRA with secure profile?  Thanks in advance.

0 Helpful

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee
In response to nuinoahmed

‎09-05-2016 08:25 AM

I have not tried that scenario of trying to use secure profiles with an out of the box device, it *might* work as it should receive the device config via MRA, but I'm not 100% sure.

If it doesn't work, I'd probably try without a secure profile, then try to apply the secure profile once the device has been registered, and then attempt again a new MRA registration.

HTH

java

if this helps, please rate
0 Helpful

Go to solution
balmain99
Level 1
Level 1
In response to Jaime Valencia

‎09-05-2016 08:43 AM

Hello Jamie,

Thanks for your previous answer, it cleared things.

Now, if I may, I have MRA in my infrastructure working with Jabber without a problem.

When trying the out-of-the-box SX20 outside (after having registered it internally) I get a certificate error.

I am not using a security profile. The certificate authority is Verisign and it is already contained in the CAs of the SX20.

What could be the problem ?

0 Helpful

Go to solution
nuinoahmed
Level 1
Level 1
In response to balmain99

‎09-05-2016 10:06 AM

Hello Balmain99

Does your Expressway E certificate contain you SIP domain in the SAN?

0 Helpful
Customers Also Viewed These Support Documents