UCM-Expressway Mobile Remote Access configuration

monster.speaks
Level 1

Hello,

We are planning to set up Expressway in our organization and have decided on the following setup:

CUCM--Expressway-C--DMZ-Expressway-E(on a stick)--GTM(Acts as the DNS and load balancer)--Internet--Remote IP phone

Now, I have the following queries:
1. The users are local to the CUCM and not authenticated via LDAP. How will the remote user get authenticated in this case? Is it even supported?
2. The internal domain would be set as xyz.net and over the internet it is xyz.com; from the admin/config guides, it seems that we need the following to be set up on the DNS:

Local DNS:
Domain  Service    Target
xyz.net cisco-uds  cucm.xyz.net

Public DNS:
Domain   Service       Target
xyz.com  collab-edge   expresswaye.example.com

Is that all that is required on the DNS servers?
3. Also, what needs to be set on the IP phone when they are configured over the internet?

4. Would it support the directory feature in our scenario, as it is more of a local user directory that is based on the CUCM? As it supports only a UDS-based directory structure, can someone point me to how these records are created for local users?

I have already gone through the configuration/admin guides available for Expressway 8.6 and would really appreciate it if I could get some direct answers.

4 Replies

devils_advocate
Level 7

Hi, we have just implemented Expressway.

It took a lot longer than I expected actually!

In terms of your questions:

1. That will work fine. We create users manually within CUCM, so as long as the users can log in to Jabber internally it should be fine externally; they will simply authenticate against CUCM.

2. Set up the _collab-edge SRV record in your xyz.com domain and point it at the A record for the Expressway-Edge device's Public IP address.

3. Nothing needs to be set on the Desktop IP Phone; the Jabber device is separate to this. Once the user opens Jabber outside the organisation they will type in 'Username@xyz.com'. The Jabber device will then query DNS for _collab-edge._tcp.xyz.com which will provide the Jabber client with the Expressway-E Public IP. That is the service discovery done. The user then just logs in with their CUCM username and password.

4. Within the Service Profile for Jabber on CUCM itself, there is an option to use UDS. We have enabled this option and the Jabber clients via Expressway simply use the CUCM directory which uses the Telephone Number field under the end user.

A few other notes....

Make sure you open ALL the firewall ports required in the deployment guide; one missing and you could end up with nobody being able to log in via Expressway. We made a typo in one of the ports and I spent days with a TAC engineer trying to figure out what was wrong. The Jabber client has very few error messages, which is not helpful.

DNS - Make sure this is set up correctly both internally and externally.

TLS for Certificates - this can be a pain, try and get a Public CA assigned Cert for the Expressway-E box as it makes it easier.

Hope this helps
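
One way to check the internal and external DNS setup discussed in this thread before pointing Jabber at it, as an added example that is not part of the thread or of any Cisco tooling. It assumes the `_cisco-uds._tcp` and `_collab-edge._tls` SRV names used in Cisco's MRA deployment guide (passed in as parameters, so confirm them for your version) and that the internal UDS record should not resolve from the public view; the `lookup` helper and the resolver answers are constructed stand-ins for real DNS queries.

```python
import ipaddress

# Constructed sample answers for each resolver view (not real records).
INTERNAL_VIEW = {
    ("_cisco-uds._tcp.xyz.net", "SRV"): [(10, 10, 8443, "cucm.xyz.net")],
    ("cucm.xyz.net", "A"): ["10.0.0.10"],
}
PUBLIC_VIEW = {
    ("_collab-edge._tls.xyz.com", "SRV"): [(10, 10, 8443, "expresswaye.example.com")],
    ("expresswaye.example.com", "A"): ["203.0.113.10"],
}


def lookup(view, name, rtype):
    """Stand-in for a DNS query against one view; swap in a real resolver."""
    return view.get((name.rstrip(".").lower(), rtype), [])


def is_ip_literal(target):
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False


def check_srv(view, name, expect_present):
    """Return the problems found for one SRV name as seen from one view."""
    records = lookup(view, name, "SRV")
    if not expect_present:
        return [f"{name}: resolves here but should not"] if records else []
    if not records:
        return [f"{name}: no SRV record"]
    problems = []
    for _prio, _weight, _port, target in records:
        if is_ip_literal(target):
            problems.append(f"{name}: target {target} is an IP, not a hostname")
        elif not lookup(view, target, "A"):
            problems.append(f"{name}: target {target} has no A record")
    return problems


def audit(internal, public, uds_name, edge_name):
    """Check both views: UDS record inside only, collab-edge record outside."""
    return {
        "internal": check_srv(internal, uds_name, True),
        "public": check_srv(public, edge_name, True)
        + check_srv(public, uds_name, False),
    }
```

Run `audit(INTERNAL_VIEW, PUBLIC_VIEW, "_cisco-uds._tcp.xyz.net", "_collab-edge._tls.xyz.com")` with `lookup` replaced by queries to your internal and public resolvers; an empty list on both sides means the records are consistent with the assumptions above.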