
Cisco Expressway Secure B2B TLS Encrypted

adirosso91
Level 1

Hi Guys,

We have a deployment that requires that 2 companies, Company A (company-A.com) and Company B (company-B.com), can establish secure B2B calls with TLS encryption. Actually, those 2 companies are sister companies and want to secure all communication between the 2 CUCMs via Expressway Edge.

Below are the server details:

Company A :

  1. CUCM 11.5 in Mixed Mode (publisher only)
  2. IM&Presence 11.5
  3. Expressway C & E  X8.8
  4. Conductor X4.2
  5. Telepresence Server (MM410v) 4.3(1.14)
  • All server certificates are signed by DigiCert Wildcard Plus
  • All of the calls (point-to-point, instant and permanent meeting) are already encrypted

--------------------------------------------------------------------------------------------------------------------------

Company B:

  1. CUCM 11.5 in Mixed Mode (publisher only)
  2. IM&Presence 11.5
  3. Expressway C & E X8.8
  4. Conductor X4.2
  5. Telepresence Server (MM410v) 4.3(1.14)
  • All server certificates are signed by DigiCert Multi-Domain
  • All of the calls (point-to-point, instant and permanent meeting) are already encrypted

We have already performed B2B calls via Expressway Edge successfully with TCP transport and TLS verify mode = Off.
My question is: is there any possibility that we can perform B2B calls with TLS verify mode = On, and with all security factors on Expressway active?

Is there any documentation or requirement for this deployment model?

Please advise.

Thanks

1 Accepted Solution


Jaime Valencia
Cisco Employee

Yes, all you would require is to turn on the switches for TLS ON and assuming everything goes fine, you can leave media encryption mode to auto, and it should identify it can secure the calls.

Or you can also change the media encryption mode, but only encrypted calls would be accepted.

HTH

java

if this helps, please rate


2 Replies

Hi Jaime,

Thanks for your response.
I would like to know: do we need to exchange the Server Certificate and CA Root on both of the Expressway Edges?

Also, we create a DNS zone on Exp-E (Company A) for communication to the other Exp-E node (Company B), and set TLS verify mode to On. Do we need to fill in TLS verify subject name with the other Exp-E node's subject name, as in my attachment below?

Thanks