Mobile and remote access via cisco vcs deployment guide

Log into the Web Interface and start to configure the necessary system information. Some fields and options will only be available after the license keys are installed. You will need the serial number to enter in the Cisco Licensing Portal. Peer 1 Address: Now its time to deploy the VCS Expressway. TLS verify subject name: Traversal Communications.

However the traversal zone will be throwing errors due to security invalid security certificates. From release X8.


  • camera apps for windows mobile 6?
  • colin mcrae rally iphone video!
  • Cisco TelePresence Video Communication Server (VCS) - Configuration Guides - Cisco.
  • big ben nokia lumia 710!
  • Post navigation!
  • why does my hot or not app not work.
  • cheat engine 6.2 iphone download.

So, we need to either purchase external certificates or use an Internal CA to sign certificates. Select Generate CSR. Download the CSR file and give to your Security Admin to either enrol a certificate or purchase a third party certificate.

It is recommended a public certificate be generated for the VCS Expressway. Upload the signed certificate once received. I created an SRV Record for each domain the users will be logging into. Authentication errors can be caused by certificates, DNS mis-configuration. This white list is where you enter any auxiliary servers for example photo database server also Unity Connection Servers so Jabber can access Voicemail. Main menu Skip to primary content. Skip to secondary content. Home About Me. This article is based on the following UC platforms: An internal name is a domain or IP address that is part of a private network.

Common examples of internal names are: Historically these have typically been deployed with IP addresses only, or internal domains e. Jabber requires valid certificates for login now. See the Expressway Certificate guide p. Without a certificate with proper SANs, Jabber will either throw an invalid cert error, or will completely deny login to UC services. Internally Jabber communicates directly with each component.

Option 1a: Deploy a new public domain name for UC services internally. For example if your domain name was domain.

iPhone Apps by me

If you do this, then you need to take in to consideration that the MRA deployment becomes a multi-domain or split-domain deployment which requires some special treatment like the VoiceServicesDomain option. See my previous post about multi-domain deployments. Configuration example here — http: Options 1b: The seemingly easier deployment would be to just match your public domain name that you use for email e.

This makes services discovery nice and clean. The challenge to this method is usually the need to deploy a split DNS for internal and external name resolution. The internal DNS server also serving the domain. There are no restrictions on SANs with your own certificate server. I detail how to use OpenSSL to sign certs in an earlier post.


  • Category: VCS to CUCM SIP Trunk Guide.
  • sony xperia z2 htc m8 karşılaştırma;
  • Configuration Guides.
  • Blog Stats?

The major constraint to this deployment option is the need to get the trusted cert from your CA server on to all devices that will use MRA. AD does it for your Windows machines automatically, but mobile devices will need to have this certificate installed. The name change procedure is here for CUC — http: Collab Edge is now supported. Deploying with WebEx Messenger is not covered here, but the bulk of the configuration is the same as far as the Expressway piece.

The biggest challenge in the initial deployment was finding all of the necessary documentation! Things you need to know like certificate chaining, or OpenSSL are in various docs. The DX will support Collaboration Edge in a future release of firmware.

Support Documentation

Expressway-Core is the same story. Licenses are charged for the other VCS features mentioned above. VCS is supported for limited sized deployments. I posted a later post that discusses what to order. You will likely want to do this independent of Collaboration Edge as all of the Jabber clients are no longer trusting self-signed certificates. Granted they are only shown once during the very first login if the user accepts them on each client. This section is no longer required as current versions of the clients Win 9.

Download the OVA from Cisco here. Either on a stick in your DMZ perhaps You need this in order to have it two legged, or do NAT.

Cisco Collaboration Edge – Mobile Remote Access (Jabber with no VPN)

Not the case! Look at p. Jabber decides if it is inside the network or outside the network depending on what SRV records it can resolve. A couple notes: You can either get public ones, or sign your own with your own CA. The major reason for a valid trusted CA-signed certificate is to stop Jabber from throwing a certificate warning on the initial MRA login to Expressway-E itself.

I highly recommend deploying a publicly trusted CA signed certificate. Deprecated instructions for VCS 7. The best document out there is this WebEx enabled Telepresence VCS Config document that describes how to chain up the intermediate cert properly here — http: You will need to get a specific type of certificate, the multi-SAN subject alternative names also called a UCC certificate.

Cisco Cisco TelePresence Video Communication Server Model Manual

This worked perfectly for me after loading and rebooting the servers. The UC traversal zones came right up. Once for Expressway-E and once for Expressway-C. Take the CA root cert that you generated and import it into the trusted list on both boxes, and then import your signed server cert on the appropriate box. Resume the configuration tasks in the Admin guide on p. If your certificates are good, you will see the traversal zone go active on both servers under Status Unified Communications.

If not, double-check your configuration settings, and double-check your certificates. My initial attempt where the certificates were not chained properly showed a continuous loop of TLS failures. Instructions for this are found on p. You need to look at the Developer Logs. You can enable them for debug level as well as collect a tcpdump. Make sure to add your Unity Connection, and any other servers that Jabber needs access to.

Unity Connection requires it for Visual Voicemail to work. No longer required unless you are doing separate internal and external domains. If Jabber does not auto-discover, troubleshoot your SRV records. The easiest method is to use dig or nslookup. Launch Jabber on your device. Be very patient for it to either succeed or fail. It can take a significant amount of time to login successfully on the 9. If your login fails, click the Send Error Report and email it to yourself.

Cisco Collaboration Edge – Mobile Remote Access (Jabber with no VPN) – Collaboration Engineer

Open the ZIP file and look through going from bottom to top to see where the errors are. The logs will include more than just the current login attempt, so note the time when you are attempting to login and look at the timestamps in the log. Please send me questions that you have as you attempt to deploy it. Standard Posted by Mike White. Posted on July 29, Comments 7 Comments.

Leveraging Cisco Mobile Remote Access

From the Release notes: DNS entries: Do you have forward and reverse DNS lookups for all infrastructure. If the Expressway cannot resolve hostnames and IP addresses of systems,your complex deployments eg. MRA could stop working as expected after you upgrade. Posted on November 22, Comments 11 Comments.

I made sure to set the device association my end user in CUCM. This is important for MRA later. After putting in my credentials I was greeted with this error: Posted on November 12,