Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
676
Views
13
Helpful
7
Replies

Un-secure connection for Mobile access via Exp-C, Exp-E and CUCM

samhopealpha
Level 1
Level 1

‎03-23-2016 02:05 AM - edited ‎03-18-2019 05:44 AM

Hi Everybody,

After gone through the config guide of Mobile access via Expressway
http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-7/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-7.pdf

I come up with a question.
If jabber client on mobile phone is the only client from the Internet,
is it possible to establish a non-secure connection between CUCM and Expressway-C?

Thanks in advance

Sam

Labels:
0 Helpful
7 Replies 7

Oleksandr Yurchenko
Level 7
Level 7

‎03-23-2016 02:10 AM

Hello,

Yes. You can use a non-secure connection between CUCM and Expressway-C.

It's work.

br Oleksandr

samhopealpha
Level 1
Level 1
In response to Oleksandr Yurchenko

‎03-23-2016 02:32 AM

Hi Kikhil and Oleksandr

Thanks for the quick response 

However, I can't find the document about the non-secure settings. 

It only mentioned the secured setting (start at page 13). 

Where can I find the non-secure document? 

Thanks in advance

Sam

0 Helpful

Oleksandr Yurchenko
Level 7
Level 7
In response to samhopealpha

‎03-23-2016 06:29 AM

Hi Sam

I think, you cannot find the confirmation in manuals. But you can change TLS to TCP as mentioned Nickil.

br Oleksandr

samhopealpha
Level 1
Level 1
In response to Oleksandr Yurchenko

‎03-24-2016 03:00 AM

Hi Oleksandr, 

However, in VCS-E,  

goto Configuration > Zones > Zones

When I select the type "Unified Communications traversal"
it requires the "TLS verify subject name" as the compulsary field

How can I make it not to TLS?

Should I avoid to use the type "Unified Communications traversal"?
just using
"Traversal Client" type on VCS-C , and
"Traversal Server" Type on VCS-E
and make them to use TCP only?

Thank you 

Sam

0 Helpful

Jonathan Unger
Level 7
Level 7
In response to samhopealpha

‎03-29-2016 11:14 PM

Hi Sam,


The purpose of the Unified Communications Traversal zone is for the communication to be secure between the EXP-C and the EXP-E.

You can have a non-secure connection between CUCM and the EXP-C as mentioned by Nikhil and Oleksandr. However, for MRA you will need to use the Unified Communications Traversal zone type between EXP-C and EXP-E which will always be secure.

The other Traversal zone type is not meant for MRA, but rather for B2B and other types of calls.

You will need to sign and upload certificates to your EXP-C and EXP-E in order for the Unified Communications Traversal zone to come up properly. You will also need to upload the CA trust chain to each expressway server.

For more information of certificate creation and application you can refer to the "Cisco Expressway Certificate Creation and Use" guide.

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-7/Cisco-Expressway-Certificate-Creation-and-Use-Deployment-Guide-X8-7.pdf



Please let us know if this helps.

0 Helpful

Oleksandr Yurchenko
Level 7
Level 7
In response to samhopealpha

‎03-24-2016 12:50 AM

Hi Sam,

I think thread below will help you:

https://supportforums.cisco.com/discussion/12918956/jabber-client-vcs-expressway-encryption-using-mra#comment-11244841

br Oleksandr

0 Helpful

Nikhil Jayan Kandampully
Level 1
Level 1

‎03-23-2016 02:26 AM

you can use TCP protocol instead of TLS while integrating Exp-C with CUCM for MRA.

BR,

Nikhil

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents