[cisco-voip] Cisco Expressway for Jabber MRA query
Ahmed Abd EL-Rahman
Ahmed.Rahman at bmbgroup.com
Fri May 22 12:30:44 EDT 2015
Hi Gents,
I'm implementing Expressway C and E version 8.5.2 for MRA and I have the following client setup:
- Split horizon DNS.
- 2 domains as follows, Internal: domainX.local and external: domainX.com
- All UC servers are joining the internal domain: CUCM.domainX.local, IM&P.domainX.local, CUC.domainX.local, etc.
- The client has both a local certificate authority (CA) to locally sign his servers' certificates and is also registered with a public CA to sign his public servers' certificates.
- I have EXP-C and EXP-E to enable the Mobile Remote Access for Jabber clients from outside.
I'm able to place the EXP-C on either the internal domainX.local or the external domainX.com, and for sure the EXP-E in the DMZ will be on domainX.com, as it will be public and will be accessed from the internet.
My question is: should I place the EXP-C in domainX.local (internal) or domainX.com (external) for the setup to work?
I have the following concerns in this regard:
- If I placed the EXP-C in the external domainX.com, will its communication with the internal UC servers, which are all in the internal domain, be okay? And will the certificate trust relation with all UC servers and the relation with the EXP-E be fine?
- If I placed the EXP-C in the internal domain, will the certificate trust relation with all UC servers and the relation with the EXP-E be fine?
- Is it possible to have the EXP-C certificates signed by the local CA while the EXP-E certificates are signed by the public CA? Will it be okay?
- Is the "Unified CM phone security profile names", as part of the data to be entered when generating the CSR in the EXP-C, mandatory? I mean, do I have to use TLS for phones through this security profile, or can I just enable the non-secure phone profile without TLS? And if I can use the non-secure phone profile, do I have to enter this field when generating the EXP-C CSR, or can I leave it blank?
If anyone has a working setup, kindly brief me about it, especially the domains and certificates parts.
Best Regards
Ahmed Abd EL-Rahman
Senior Network Engineer