Solved: Ask the Expert: Cisco Expressway

Monica Lluis · ‎01-19-2016

This session will provide an opportunity to learn and ask questions Cisco Expressway and features such as Mobile Remote Access (MRA), DVO-R, Cisco Jabber Guest and B2B.

Ask questions from Monday, April 4 to April 15, 2016

Featured Experts

Aditya Gupta comes from Backbone TAC UC Team background where he worked on troubleshooting on the UC products. Currently working with Cloud and Managed services and handling the key accounts for Cisco in Unified collaboration and Telepresence domain and He holds Cisco Certification CCIE (#44733) in collaboration.

Aashish Dua is Network Consulting Engineer with Cisco Advanced Services and works in Cloud Collaboration( HCS) domain, prior to this, he worked as technical lead for CUCM team for TAC Backbone Centre in Bangalore and successfully catered to Complex troubleshooting scenarios and customer escalations in unified communications.
He holds special interest in Unified Collaboration domain and Virtualisation, he is a CCIE collaboration and a technology enthusiast.

Find other https://supportforums.cisco.com/expert-corner/events.

** Ratings Encourage Participation! **
Please be sure to rate the Answers to Questions

I hope you and your love ones are safe and healthy
Monica Lluis
Community Manager Lead

Aashish Dua · ‎04-11-2016

Hello Jean, Thanks for reaching out, i can suggest below pointers for troubleshooting,

what is the user experience when you call, does it plays reorder tone or is it dead silence?
for the basic call flow troubleshooting, you can use the call manager's real time trace in RTMT to check if the call is hitting to next hop, as it is all SIP, so plain text.
from the expressway logs, you may want to check the "event logs" to see if the call is hitting and if expressway routing it out.
more detailed logging can be enabled in diagnostics logs, but please disable them post your test call is done as it will eat up resources on expressway VM.

hope above pointers will help you but please do share some specifics from log if you find any anomaly.

look forward to hear from you.

Thanks,

Aashish

View solution in original post

Aditya Gupta · ‎04-12-2016

Hi Rajkumar

The response to your query highly depends on how you want to design your environment.

In case you are looking at your SME as entry and exit points to your Expressway solution, then yes you can point your SRV records to your SME only and then have ILS connections between SME and Leaf clusters. You can also deploy internal jabber login in similar way.

You can find more details here :

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab11/collab11/trunks.html

Regards

Aditya Gupta

View solution in original post

Sarah Staker · ‎04-05-2016

Hello,

I am doing some evaluation of Cisco Expressway. Can you let me know what are the certificate requirements for the expressway deployment?

Aashish Dua · ‎04-05-2016

Hello Sarah,

Broadly expressway uses the certificates for Secure HTTP with TLS (HTTPS) connectivity,TLS connectivity for SIP signaling, endpoints and neighbor zones , Connections to other systems such as Unified CM, Cisco TMS, LDAP servers and syslog servers.

Now it again matters what is expressway used for, for details below document can be used,

"http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-7/Cisco-Expressway-Certificate-Creation-and-Use-Deployment-Guide-X8-7.pdf"

Please feel free to write if you have any specific questions.

Hope it helps.

Thanks,

Aashish Dua

Wilson Samuel · ‎04-05-2016

Thanks Ashish for taking my question.

I would want to know, how do we proceed with certificates if the scenario involves where a customer has Internal DNS Domain different from the Public DNS Domain Name?

e.g. my internal domain is foobar.local but my Public DNS domain name is foobar.com, and I want the MRA to be deployed.

Regards

Aditya Gupta · ‎04-05-2016

Hi Wilson

General Certificate requirement remains the same, even in multi-domain environments.

Expressway-C
- The chat node aliases that are configured on the IM&P Servers must be added. This is only required for the Unified Communications XMPP federation deployments that intend to use both Transport Layer Security (TLS) and group chat. This is added automatically to the Certificate Signing Request (CSR), provided it has discovered the IM&P servers already.
- The names, in FQDN format, of all of the phone security profiles in the CUCM that are configured for encrypted TLS and are used for devices that require remote access must be added.
  
  Note: The FQDN format is only required when your Certificate Authority (CA) does not allow hostname syntax in the SAN.
Expressway-E
- All of the domains that are configured for Unified Communications must be added.
  
  Note: For Jabber clients, the FQDN of the Expressway-E is sufficient, as they can match the domain from the FQDN. This is not yet supported by Traffic Class (TC) endpoints; hence the recommendation to add them.
- The chat node aliases that are configured on the IM&P Servers must be added. This is only required for Unified Communications XMPP federation deployments that intend to use both TLS and group chat. These can be copied from the CSR that is generated on the Expressway-C.

Following links contain configuration example in a multi-domain environment :

http://www.cisco.com/c/en/us/support/docs/unified-communications/expressway-series/117811-configure-vcs-00.html

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-5/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-5.pdf

I hope its helpful.

Please feel free to follow up in case you still have doubts.

Thanks

Aditya Gupta

Rajkumar Yadav · ‎04-06-2016

Hello Aditya/Aashish,

Hope you guys doing great.

I would like to know about the Expressway deployed with SME cluster.

As what i understand that sip line registration will go to the leaf cluster for MRA functionality.

It will use the home cluster option for identifying the user along with ILS ?

OR

We will be using the partition UC services with multiple deployment on expressway.

What if two cluster have same domain, how this will work.

Also please let me know the internal SRV records in SME environment.

____________________________________________

Coming to B2B setup on expressway with SME.

Is the best design to have the ad hoc Trunk direct to conductor from leaf cluster and for rendezvous leaf cluster should point to SME cluster and SME will then send to conductor.

Could you please the call flow and will this be good solution considering my bandwidth requirement would be high if the vTS and Conductor are placed in Data center.

Regards,

Raaj.

shabeeralibn · ‎04-09-2016

Hi,

I still have some doubts.

What are the general requirements for generating certificate?

Thanks in advance!!!

Regards,

Shabeer

Aditya Gupta · ‎04-12-2016

Hi Shabeer

I would suggest going through the following guide to understand the certificate and it roles :

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-7/Cisco-Expressway-Certificate-Creation-and-Use-Deployment-Guide-X8-7.pdf

Certificates mostly act as trusting point for establishing secure connections between the devices involved.

In case you have any specific questions, please feel free to post.

Regards

Aditya Gupta

Wilson Samuel · ‎04-05-2016

Thanks Ashish for taking my question.

I would want to know, how do we proceed with certificates if the scenario involves where a customer has Internal DNS Domain different from the Public DNS Domain Name?

e.g. my internal domain is foobar.local but my Public DNS domain name is foobar.com, and I want the MRA to be deployed.

Regards

Wilson Gabriel Veliz Plua · ‎04-05-2016

Good day Aashish

Do you have any diagram design or topology that indicates where I can put the Expressway solution in HCS environment.

Regards

Wilson

Aashish Dua · ‎04-06-2016

Hello Wilson,

Good Day, thanks for reaching out, the expressway deployment is little different in the HCS, below document ( with complete call flows and diagrams) is very helpful in understanding the expressway deployment and signal and media flow in HCS,

Expressway in HCS

Please do write back for any specific scenario question.

Thanks,

Aashish Dua

Wilson Gabriel Veliz Plua · ‎04-12-2016

Tks Aashish,

I knew that my question is different from this topic, but as expert HCS can you help me with some examples of design and depoyment HCS including FW CUBE SP.

Regards

Wilson Gabriel Veliz Plua

Aashish Dua · ‎04-15-2016

Hello Wilson,

HCS is a solution which offers the flexibility to chose the CUBE vs the virtualised cube which is Perimeta but the design to CBO does not change.

Not sure what exactly you would like me to comment but the design is mentioned in below reference document,

Design document

i would be happy to help you on anything in HCS, thus request you to post on HCS section of CSC.

Hope to see you there J

Thanks,

Aashish Dua

KY_ · ‎04-05-2016

Hi Aashish and Aditya,

How can I find Expresway C/E training guide ?

Thanks

Aashish Dua · ‎04-05-2016

Hello M.Kemal,

There are different applications for the expressway product like, MRA, B2B, B2C, Spark Hybrid etc

There is an excellent documentation for the expressway product from cisco, please find the link below for the latest release X 8.7,

http://www.cisco.com/en/US/products/ps13435/products_installation_and_configuration_guides_list.html

for quick snapshot on expressway, please refer the datasheet below,

http://www.cisco.com/c/en/us/products/unified-communications/expressway-series/datasheet-listing.html

Hope it helps, please let us know if you have any specific question / training need.

Thanks,

Aashish Dua