cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
305
Views
0
Helpful
1
Replies
ahmed-hassan1110
Beginner

Expressway Mobile Remote Access ( MRA ) setup query

Hi Gents,

I'm implementing Expressway C and E version 8.5.2 for MRA and i have the following client setup :

- Split horizon DNS.

- 2 domains as follows, Internal: domainX.local and external: domainX.com

- All UC servers are joining the internal domain, CUCM.domainX.local, IM&P.doaminX.local, CUC.domainX.local,....etc.

- Client has both local certificate authority (CA) to locally sign his servers certificates and also registered to public CA to sign his public servers certificates.

- I have EXP-C and EXP-E to enable the Mobile Remote Access for Jabber clients from outside.

I'm able to make the EXP-C either on internal domainX.local or external domainX.com and for sure the EXP-E on the DMZ will be on the domainX.com as it will be a public and will be accessed from internet.

 

my question is, should i place the EXP-C in the domainX.local (internal) or domainX.com (external) for the setup to work?

I have the following concerns in this regard:

- If i placed the EXP-C in the external domainX.com, will its communication with the internal UC servers which are all in the internal domain be okay ? and will the certificate trust relation with all UC servers and relation with the EXP-E will be fine?

- If i placed the EXP-C in the internal will the certificate trust relation with all UC servers and relation with the EXP-E will be fine?

- is it possible to have EXP-C certificates signed by local CA while the EXP-E certificates will be signed by public CA ? will it be okay?

- is the "Unified CM phone security profile names" as a part of the data to be entered when generating the CSR in the EXP-C mandatory ? i mean do i have to use TLS for phones through this security profile or i can just enable the non-secure phone profile without TLS, and if i can use the non secure phone profile, do i have to enter this field when generating the EXP-C CSR or can i leave it blank ?

If any on have a working setup kindly brief me about it specially the domains and certificates parts.

1 REPLY 1
Chris Deren
Hall of Fame Master

duplicate

https://supportforums.cisco.com/discussion/12515216/expressway-mobile-remote-access-mra-setup-query

Create
Recognize Your Peers
Content for Community-Ad