cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

369
Views
13
Helpful
7
Replies
samhopealpha
Beginner

Un-secure connection for Mobile access via Exp-C, Exp-E and CUCM

Hi Everybody,

After gone through the config guide of Mobile access via Expressway
http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-7/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-7.pdf

I come up with a question.
If jabber client on mobile phone is the only client from the Internet,
is it possible to establish a non-secure connection between CUCM and Expressway-C?

Thanks in advance

Sam

7 REPLIES 7
Oleksandr Yurchenko
Enthusiast

Hello,

Yes. You can use a non-secure connection between CUCM and Expressway-C.

It's work.

br Oleksandr

Hi Kikhil and Oleksandr

Thanks for the quick response 

However, I can't find the document about the non-secure settings. 

It only mentioned the secured setting (start at page 13). 

Where can I find the non-secure document? 

Thanks in advance

Sam

Hi Sam

I think, you cannot find the confirmation in manuals. But you can change TLS to TCP as mentioned Nickil.

br Oleksandr

Hi Oleksandr, 

However, in VCS-E,  

goto Configuration > Zones > Zones

When I select the type "Unified Communications traversal"
it requires the "TLS verify subject name" as the compulsary field

How can I make it not to TLS?

Should I avoid to use the type "Unified Communications traversal"?
just using
"Traversal Client" type on VCS-C , and
"Traversal Server" Type on VCS-E
and make them to use TCP only?

Thank you 

Sam

Hi Sam,


The purpose of the Unified Communications Traversal zone is for the communication to be secure between the EXP-C and the EXP-E.

You can have a non-secure connection between CUCM and the EXP-C as mentioned by Nikhil and Oleksandr. However, for MRA you will need to use the Unified Communications Traversal zone type between EXP-C and EXP-E which will always be secure.

The other Traversal zone type is not meant for MRA, but rather for B2B and other types of calls.

You will need to sign and upload certificates to your EXP-C and EXP-E in order for the Unified Communications Traversal zone to come up properly. You will also need to upload the CA trust chain to each expressway server.

For more information of certificate creation and application you can refer to the "Cisco Expressway Certificate Creation and Use" guide.

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-7/Cisco-Expressway-Certificate-Creation-and-Use-Deployment-Guide-X8-7.pdf



Please let us know if this helps.

Hi Sam,

I think thread below will help you:

https://supportforums.cisco.com/discussion/12918956/jabber-client-vcs-expressway-encryption-using-mra#comment-11244841

br Oleksandr

you can use TCP protocol instead of TLS while integrating Exp-C with CUCM for MRA.

BR,

Nikhil

Create
Recognize Your Peers
Content for Community-Ad