<div dir="ltr">I just want to raise a point for us voice people, who do not typically live in the security world, but a compromised Expressway-E with one leg in the Internal swimming pool could compromise your entire internal network.  The dual interface option would be best deployed with two DMZs on the firewall to retain control of the traffic which egresses the Expressway-E towards the inside.<div><br></div><div>Something like DMZ1 and DMZ2, or simply DMZ (existing DMZ at customer site) and CollabEdge (new DMZ name for Expressway-E).</div><div><br></div><div>Don't ask me how this compromise could happen, as I'm not a hacker, but I would think anyone with a black hat night hobby could explain buffer overruns and gaining the ability to run commands on the remote system as root.<br><br><div class="gmail_quote"><div dir="ltr">On Mon, Jul 27, 2015 at 9:13 AM Matthew Loraditch &lt;<a href="mailto:MLoraditch@heliontechnologies.com">MLoraditch@heliontechnologies.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div lang="EN-US" link="#0563C1" vlink="#954F72">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Inline<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Feel free to ask me more. I haven’t done it at your scale, but I have the entire expressway feature set deployed.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA<br>
Network Engineer<br>
Direct Voice: 443.541.1518</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><br>
<br>
<u></u><u></u></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> cisco-voip [mailto:<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>]
<b>On Behalf Of </b>Lelio Fulgenzi<br>
<b>Sent:</b> Monday, July 27, 2015 9:55 AM<br>
<b>To:</b> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> [cisco-voip] IM&P - Jabber for Everyone, MRA and private/public IP addressing<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div></div></div></div><div lang="EN-US" link="#0563C1" vlink="#954F72"><div><div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black"><u></u> <u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black">Just curious what people's thoughts are about Jabber for Everyone, MRA (via expressway) and private/public IP addressing of the presence servers. I've tried to
 find some documents that explain things, even in summary format, but with no luck.<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black"><u></u> <u></u></span></p>
</div>
</div></div></div><div lang="EN-US" link="#0563C1" vlink="#954F72"><div><div><div>
<div>
<p class="MsoNormal" style="background:#fdfdfd"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black">My (random) concerns:<u></u><u></u></span></p>
</div>
<div>
<p style="margin:0in;margin-bottom:.0001pt;background:#fdfdfd"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black"><u></u> <u></u></span></p>
<p style="margin:0in;margin-bottom:.0001pt;background:#fdfdfd"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black">- does expressway support third party xmpp clients?</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1f497d">
 No</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black"><u></u><u></u></span></p>
<p style="margin:0in;margin-bottom:.0001pt;background:#fdfdfd"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black">- does expressway support jabber for everyone? (IM&P only)</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1f497d">
 Yes</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black"><u></u><u></u></span></p>
<p style="margin:0in;margin-bottom:.0001pt;background:#fdfdfd"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black">- does expressway scale to the possibly 25,000 IM users I might have?</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1f497d">
 No, See here: <a href="http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab10/collab10/sizing.html#pgfId-1284691" target="_blank">
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab10/collab10/sizing.html#pgfId-1284691</a></span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black"><u></u><u></u></span></p>
<p style="margin:0in;margin-bottom:.0001pt;background:#fdfdfd"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">I would doubt you’d ever have all 25k users off site though… expressway is only for remote users<u></u><u></u></span></p>
<p style="margin:0in;margin-bottom:.0001pt;background:#fdfdfd"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black">- expressway does not support all the on premise features, like file transfer</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1f497d">
 - <a href="http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/release_note/Cisco-Expressway-Release-Note-X8-5-1.pdf" target="_blank">
http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/release_note/Cisco-Expressway-Release-Note-X8-5-1.pdf</a></span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black"><u></u><u></u></span></p>
<p style="margin:0in;margin-bottom:.0001pt;background:#fdfdfd"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Scroll to page 7 bottom<u></u><u></u></span></p>
<p style="margin:0in;margin-bottom:.0001pt;background:#fdfdfd"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black">- do I use private or public IP addresses? </span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1f497d">Your
 expressway-e(s) is/are the only server(s) that gets exposed to the internet and even then you can NAT it and use 2 interfaces, one internal and one DMZ</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black"><br>
- no real details on how to deploy presence server on public IP but still use expressway for UC</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:#1f497d"> – You don’t put a Presence server on a public ip. All External (MRA/XMPP/B2B)
 is via Expressway if you have it.</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black"><u></u><u></u></span></p>
<p style="margin:0in;margin-bottom:.0001pt;background:#fdfdfd"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black"><u></u> <u></u></span></p>
</div></div></div></div></div><div lang="EN-US" link="#0563C1" vlink="#954F72"><div><div><div>
<div>
<p class="MsoNormal" style="background:#fdfdfd"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black">Any ideas or pointers would help... Thanks!<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:#fdfdfd"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black"><u></u> <u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:#fdfdfd"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black">Lelio<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black"><u></u> <u></u></span></p>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black"> <u></u><u></u></span></p>
</div></div></div></div><div lang="EN-US" link="#0563C1" vlink="#954F72"><div><div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black"><u></u> <u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black">---<br>
Lelio Fulgenzi, B.A.<br>
Senior Analyst, Network Infrastructure<br>
Computing and Communications Services (CCS)<br>
University of Guelph<u></u><u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black"><u></u> <u></u></span></p>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black">519</span><span style="font-size:10.0pt;font-family:"Cambria Math",serif;color:black">‐</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black">824</span><span style="font-size:10.0pt;font-family:"Cambria Math",serif;color:black">‐</span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black">4120
 Ext 56354<br>
<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><br>
<a href="http://www.uoguelph.ca/ccs" target="_blank">www.uoguelph.ca/ccs</a><br>
Room 037, Animal Science and Nutrition Building<br>
Guelph, Ontario, N1G 2W1<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black"><u></u> <u></u></span></p>
</div>
</div></div></div>

</blockquote></div></div></div>