Installation & Configuration of Expressway C & E – MRA

 

Installation & Configuration of Expressway C

The installation of Expressway C using the OVF was quite easy – a few steps to be followed and done. Post installation, I tried accessing the IP Address of Expressway C in URL and I was able to access it without any issues.

Expressway C Configuration

License Installation
  • To install the license, first log in to Expressway C.
  • Post login, click on Maintenance > Option Keys
  • Under Software Option > Add Option Key > Enter the Key you have received.
  • Click on Add Option
  • Follow the same steps to add additional licenses you want to install.
  • You need to reboot the Expressway, click on Maintenance > Restart Options > Click Restart
  • Once the Server is up and running, you would see Cisco Expressway-C banner post login.

Configuring the System Name

  • Navigate to System > Administration
  • System Name > Enter a Name which defines the name of the Expressway, like “EU-ExpresswayC”
  • Click on Save

Configuring the DNS Settings

    • Navigate to System > DNS
    • System Host Name > Enter the Hostname of Expressway like “ExpresswayC”.
    • Domain Name > Enter the Domain Name like “uccollabing.com”.
    • Default DNS Servers > Address 1 > Enter the IP Address of the Internal DNS Server to be used when resolving domain names.
    • Click on Save

Configuring Time on Expressway C

    • Navigate to System > Time
    • NTP Server 1 > Enter NTP Server IP Address or NTP Server FQDN.
    • Time Zone > Select appropriate Time zone.
    • Click on Save

Configuration of Domains

    • Navigate to Configuration > Domains
    • Click on New
    • Domain Name > Enter the domain name like “uccollabing.com”
    • Click on Save


Unified Communications Configuration

  • Navigate to Configuration > Unified Communications > Configuration
  • Unified Communications Mode > Select Mobile and remote access from drop down menu
  • Click on Save

Modify Domains Configuration

  • Navigate to Configuration > Domains
  • Click on the domain that you have configured in the previous step. In our example it was “uccollabing.com”
  • SIP registrations and provisioning on Expressway > Select “ON” from drop down menu
  • Click on Save

Configure Unified CM Server

    • Navigate to Configuration > Unified Communications > Unified CM Servers
    • Click on New
    • Unified CM publisher address > Enter the IP Address or FQDN of CUCM Publisher. I have used cucmpub.uccollabing.com as my FQDN
    • Username > Enter the CUCM Username
    • Password > Enter the CUCM Password
    • TLS Verify Mode > Select OFF from drop down menu
    • Click on Save


Configure IM and Presence Service nodes

  • Navigate to Configuration > Unified Communications > IM and Presence Service nodes
  • Click on New
  • IM and Presence Service database publisher node > Enter IP Address or FQDN of IM&P. I have used cups.uccollabing.com as my FQDN.
  • Username > Enter the Username of CUPS
  • Password > Enter the Password of CUPS
  • TLS Verify Mode > Select OFF from drop down menu
  • Click on Save

Installation & Configuration of Expressway E

I followed the same procedure to install Expressway E as for Expressway C.

License Installation

  • To install the license, first log in to Expressway E.
  • Post login, click on Maintenance > Option Keys
  • Under Software Option > Add Option Key > Enter the Key you have received.
  • Click on Add Option
  • Follow the same steps to add additional licenses you want to install.
  • You need to reboot the Expressway, click on Maintenance > Restart Options > Click Restart

Configuring the DNS Settings

  • Navigate to System > DNS
  • System Host Name > Enter the Hostname of Expressway like “ExpresswayE”.
  • Domain Name > Enter the Domain Name like “uccollabing.com”.
  • Default DNS Servers > Address 1 > Enter the IP Address of the External DNS Server to be used when resolving domain names.
  • Click on Save
  • Once the Server is up and running, you would see Cisco Expressway-E banner post login.

Configuring the System Name

  • Navigate to System > Administration
  • System Name > Enter a Name which defines the name of the Expressway, like “EU-ExpresswayE”
  • Click on Save

Configuring the IP Address on LAN1 and LAN2 – Dual Network Interface

  • IP Protocol > IPv4 Only
  • Use dual network interface > Select Yes from drop down menu
  • External LAN interface > Select appropriate LAN interface from drop down menu
  • IPv4 Gateway > Enter the Gateway IP Address
  • LAN 1 – Internal > Fill the information with appropriate details and IPv4 static NAT mode to be OFF
  • LAN 2 – External > Fill the information with appropriate details and IPv4 static NAT mode to be ON

Configuring Time on Expressway E

  • Navigate to System > Time
  • NTP Server 1 > Enter NTP Server IP Address or NTP Server FQDN.
  • Time Zone > Select appropriate Time zone.
  • Click on Save

Enabling Mobile and Remote Access on Expressway E

  • Navigate to Configuration > Unified Communications > Configuration
  • Unified Communications Mode > Select Mobile and remote access from drop down menu
  • Click on Save

Generate Certificates for Expressway C and E

To generate certificates, I installed Microsoft Active Directory Certificate Services (Certificate Authority) on Windows Server 2012. I used the same server to generate certificates. The steps to generate the certificates are very important and should be followed carefully, else the Traversal Zone may fail or you could hit other issues.

Download CA Certificate from CA Server: 

  • If you are using Microsoft Certificate Authority, you can use the CA Server URL to generate the certificate. The URL would be http://IP_Address/certsrv/   (replace IP_Address with your Microsoft CA Server IP Address)
  • Enter CA Server Username
  • Enter CA Server Password
  • Under Select a task > Click on Download a CA Certificate, certificate chain or CRL
  • Encoding Method > Radio Check Base 64
  • Click on Download CA Certificate and rename it to CARootCertificate or any name which you remember easily.

Upload CA Certificate On Expressway C

  • Navigate to Maintenance > Security Certificate > Trusted CA Certificate
  • Click on Browse
  • Select the CARootCertificate file which you downloaded in the above step
  • Click on Append CA Certificate
  • Once the certificate is uploaded, ensure that the certificate is valid.

Generate CSR on Expressway C

  • Navigate to Maintenance > Server Certificate
  • Click on Generate CSR
  • Common Name > I will leave it as default.
  • Subject Alternative Name > It has to include internal and external domain.
  • IM & Presence Chat Node Aliases > Fill this information with your CUPS Group Chat Alias Mapping
    (Login to CUPS > Navigate to Messaging > Group Chat Server Alias Mapping)
  • Unified CM Phone security profile name > I left it as blank
  • Key Length (in bits) > 4096
  • Country > Fill this information
  • State or Province > Fill this information
  • Locality (town name) > Fill this information
  • Organization (Company Name) > Fill this information
  • Organization Unit > Fill this information
  • Click on Generate CSR
  • Download Certificate Signing Request (CSR)
  • Open the file using Notepad or Notepad++ or any text editor
  • Copy all the text from the text editor and ensure that what you have copied is exactly what was downloaded, with no extra characters or spaces.
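A structural check for the copy-and-paste step above, as an added example that is not part of the original post: it confirms the BEGIN/END lines, the base-64 alphabet and that the DER length header matches the decoded size, so a cut or padded paste is caught before it is submitted to the CA. `check_pasted_csr` and `sample_csr` are hypothetical names, and the sample is a constructed stand-in, not a real CSR.

```python
import base64
import re

ARMOR = re.compile(r"\A-----BEGIN ((?:NEW )?CERTIFICATE REQUEST)-----\r?\n"
                   r"(.+?)\r?\n-----END \1-----\s*\Z", re.S)

def check_pasted_csr(text):
    """Return problems found in a pasted base-64 CSR; an empty list means it is intact."""
    m = ARMOR.match(text)
    if not m:
        return ["BEGIN/END CERTIFICATE REQUEST lines missing, mismatched or wrapped in extra text"]
    lines = m.group(2).splitlines()
    bad = [f"line {n}: character outside the base-64 alphabet"
           for n, line in enumerate(lines, 1)
           if not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", line)]
    if bad:
        return bad
    try:
        der = base64.b64decode("".join(lines), validate=True)
    except ValueError:
        return ["body is not valid base-64 (wrong length or padding)"]
    # A PKCS #10 request is one DER SEQUENCE (tag 0x30) whose length covers all the rest.
    if len(der) < 2 or der[0] != 0x30:
        return ["decoded data does not start with a DER SEQUENCE"]
    if der[1] < 0x80:                      # short form: length held in one byte
        header, body_len = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        header, body_len = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + body_len != len(der):
        return [f"DER header declares {header + body_len} bytes, got {len(der)}: text cut or extended"]
    return []

def sample_csr():
    """Constructed stand-in with valid outer framing and filler content (not a real CSR)."""
    b64 = base64.b64encode(b"\x30\x82\x01\x00" + bytes(256)).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE REQUEST-----\n{body}\n-----END CERTIFICATE REQUEST-----\n"
```

This only checks that the text survived the copy intact; it does not validate the request's signature or its Subject Alternative Names.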

Request a Certificate for Expressway C

  • Go back to the Microsoft CA Certificate URL
  • Click on Request a Certificate
  • Click on Advanced Certificate Request
  • Click on Submit a certificate by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
  • Base-64-encoded certificate request > Paste the text that you have copied from the previous step
  • Client Certificate Template > Select Web Client and Server Template from drop down
  • Click on Submit
  • Radio check > Base 64 encoded
  • Click on Download Certificate
  • Save the file in your PC and name the file as Cert_ExpC_Cert

Upload the Certificate in Expressway C

  • Go back to Expressway C
  • Navigate to Maintenance > Security Certificate > Server Certificate
  • Upload New Certificate > Click on Browse and upload the certificate that you have downloaded in the previous step
  • Click on Upload Server Certificate Data
  • Restart Expressway C

Repeat the same process for Expressway E

  • Upload CA Certificate On Expressway E
  • Generate CSR on Expressway E
  • Request a Certificate for Expressway E
  • Upload the Certificate in Expressway E

Configuring Traversal Zone on Expressway C and Expressway E

  • Login to Expressway E
  • Navigate to Configuration > Zones > Zones
  • Click on New
  • Name > TraversalZoneExpE
  • Type > Select Unified Communications traversal
  • Click Create Zone
  • Click on Add/Edit local authentication database and a pop-up window will open
  • Click on New
  • Name > Enter a username like “TraversalAdmin”
  • Password > Enter a password
  • Click on Create Credential
  • SIP Port > 7001
  • TLS Verify Subject Name > Enter FQDN of Expressway C
  • Authentication Policy > Select Treat as Authenticated from drop down menu
  • Click on Save
  • Login to Expressway C
  • Navigate to Configuration > Zones > Zones
  • Click on New
  • Name > TraversalZoneExpC
  • Type > Select Unified Communications traversal
  • Click Create Zone
  • Name > Enter the username which you created in the above step. In our case it is “TraversalAdmin”
  • Password > Enter a password
  • SIP Port > 7001
  • Authentication Policy > Select Treat as Authenticated from drop down menu
  • Peer 1 address > Enter the IP Address or FQDN of Expressway E. In our case it is ExpresswayE.uccollabing.com
  • Click on Save
  • Ensure that the status is Active once you save the settings

Allow Jabber to access voicemail

  • Login to Expressway C
  • Navigate to Configuration > Unified Communications > Configuration
  • Under Advanced > HTTP server allow list > Click on Configure HTTP server allow list
  • Click on New
  • Server Hostname > Enter IP Address of Unity Connection
  • Description > Enter a short description
  • Click on Save

DNS SRV Lookup – Internal Network and over Internet

Internal Network – Verification

  • Login to the Windows Machine where Jabber is installed within the network
  • Go to Start > Run > Type CMD and hit enter
  • Type  nslookup and hit Enter
  • Type set type=srv  and hit enter
  • Type _cisco-uds._tcp.yourdomain.com  and hit enter
  • This should give you the IP Address pointing to your CUCM
  • Type set type=srv  and hit enter
  • Type _cuplogin._tcp.yourdomain.com  and hit enter
  • This should give you the IP Address pointing to your CUPS

External Network – Verification

  • Login to Windows Machine where your Jabber is installed outside the network
  • Go to Start > Run > Type CMD and hit enter
  • Type  nslookup and hit Enter
  • Type set type=srv  and hit enter
  • Type _collab-edge._tls.yourdomain.com  and hit enter
  • This should give you the IP Address pointing to your Expressway E.
  • Make sure that the CUCM, CUPS and Expressway C are not reachable from outside network.
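The two lookups above can be checked mechanically. The following is an added example, not part of the original post: it parses nslookup output saved on the internal and the external machine and lists what is missing or misplaced. The transcripts, ports and IP addresses are constructed samples, and the check that the internal records stay invisible from outside is an added assumption that goes one step beyond the page's list.

```python
import re
# Constructed nslookup output (Windows layout); ports and IPs are sample values.
INTERNAL = """\
_cisco-uds._tcp.uccollabing.com SRV service location:
          priority       = 0
          weight         = 0
          port           = 8443
          svr hostname   = cucmpub.uccollabing.com
cucmpub.uccollabing.com internet address = 10.10.10.20
_cuplogin._tcp.uccollabing.com  SRV service location:
          priority       = 0
          weight         = 0
          port           = 8443
          svr hostname   = cups.uccollabing.com
cups.uccollabing.com    internet address = 10.10.10.30
"""
EXTERNAL = """\
_collab-edge._tls.uccollabing.com       SRV service location:
          priority       = 0
          weight         = 0
          port           = 8443
          svr hostname   = expresswaye.uccollabing.com
expresswaye.uccollabing.com     internet address = 203.0.113.10
"""
SRV = re.compile(r"^(_[\w.-]+)\s+SRV service location:\s*\n(.*?svr hostname\s*=\s*\S+)", re.M | re.S)
FIELD = re.compile(r"^\s*(priority|weight|port|svr hostname)\s*=\s*(\S+)", re.M)

def parse_srv(text):
    """Map each SRV name in nslookup output to its [(port, target host), ...]."""
    found = {}
    for name, body in SRV.findall(text):
        f = dict(FIELD.findall(body))
        found.setdefault(name.lower(), []).append((int(f["port"]), f["svr hostname"].lower()))
    return found

def check_mra_dns(domain, internal_out, external_out):
    """Return findings for both vantage points; an empty list means they match the guide."""
    inside, outside = parse_srv(internal_out), parse_srv(external_out)
    internal_only = [f"{s}.{domain}".lower() for s in ("_cisco-uds._tcp", "_cuplogin._tcp")]
    problems = [f"internal: {r} missing" for r in internal_only if r not in inside]
    # Added check (assumption): the internal records should not resolve from outside.
    problems += [f"external: {r} is visible from outside" for r in internal_only if r in outside]
    edge = f"_collab-edge._tls.{domain}".lower()
    if edge not in outside:
        problems.append(f"external: {edge} missing")
    internal_hosts = {h for recs in inside.values() for _, h in recs}
    problems += [f"external: {edge} points at internal host {h}"
                 for _, h in outside.get(edge, []) if h in internal_hosts]
    return problems
```

Replace `INTERNAL` and `EXTERNAL` with the output captured on each machine and call `check_mra_dns` with your own domain.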

Jabber Testing

  • Login from Internal Network windows machine where jabber is installed
  • Login with username@domain.com and password for jabber
  • You should be able to login successfully.
  • Login from External Network windows machine where jabber is installed
  • Login with username@domain.com and password for jabber
  • You should be able to login successfully
  • Also check your Jabber diagnostics by pressing Ctrl + Shift + D in your Jabber window. This displays information on how Jabber is registered and other important details.
  • Now make calls from Internal network jabber client to external network jabber client and the call should work

Note: I have tested this in my lab and it worked as expected.

Hope this helps!


6 Responses

  1. Eric Tucker says:

    AWESOME FIND!!!!!!!! Thanks

  2. Mohamma Azhar Uddin says:

    Thanks a lot, it's AWESOME

  3. AzharcUddin says:

    Thanks Dear

  4. anirudh says:

    What laptop configuration is needed for this lab setup ?

  5. Andersson Sorto says:

    Hi Avinash, I followed your guide and everything worked fine, but I have a question: what happens if the external domain is different from the internal domain? For example, the external domain is uccollabing.com and the internal domain is uccollabing.domain. I tried to lab this situation but Jabber does not find the services using the internal or the external domain in the username login, for example user01@uccollabing.com and user01@uccollabing.domain.
