Special thank you to Ben Petroff and the Stack8 Managed Services team for their expertise with Cisco Expressway.
Earlier this spring, Cisco announced a denial of service (DoS) vulnerability affecting CUCM 10.x and 11.x, which we discussed in a previous blog post entitled: Important DoS Vulnerability for CUCM 10.x and 11.x "cisco-sa-20170419-ucm".
Cisco has recently announced that Cisco Expressway and TelePresence Video Communication Server (VCS) are also affected by a similar DoS vulnerability. Advisory ID “cisco-sa-20170816-vcs” (CVE-2017-6790) explains that an unauthenticated, remote attacker could send excessive SIP traffic to the device and cause a complete DoS condition on the targeted system.
In this third and final article, we will expand upon what we learned in part 1 and part 2 regarding Jabber and how to renew your CA-signed certificates, and we will examine the certification process within Cisco Expressway.
It is important to note that for the Jabber Mobile and Remote Access (MRA) feature, as well as for Business-to-Business (B2B) calls, a CA-signed certificate is mandatory on the Expressway-Edge node. There is no such requirement for Expressway-Core. However, Stack8 recommends using a CA-signed certificate on both Expressway servers.
Another requirement is to cross-upload all Root and Intermediate certificates on both nodes so that the Secure Traversal Zone becomes active and communication between the two Expressway nodes works.
Every time you renew your certificates, do not forget to verify whether the Root or any of the Intermediate certificates has changed, and upload all new chain certificates in the Trusted Certificates section of the server.
If you already have Cisco Expressway MRA and SIP URI dialing activated in your Cisco Unified Communications environment, then you should seriously begin to think about activating another key feature within Cisco Expressway: Business-to-Business dialing.
This feature will bring your collaboration with your partners and customers to a whole new level, allowing you to have audio and video calls with them as seamlessly as you do with your coworkers.
A big part of the configuration process for B2B calls is deploying public DNS SRV records that will allow your partners and clients to call you using your corporate domain.
Assuming you have all necessary ports on the firewall already opened, the following will take you through the steps required to effectively configure the B2B SIP URI dialing feature within Expressway.
More and more companies these days have mobile workforces: teams that work on the road or who have the ability to work from home. To help maximize efficiency and to make this mobility seamless to the individuals and the rest of the team, Mobile and Remote Access (MRA) via Cisco Expressway is the key. Being able to use Cisco Jabber and IM&P helps bring mobile collaboration to another level. However, there are times when this seamless mobility runs into a snag and an error occurs; one of the most common errors while using Jabber in MRA mode via Cisco Expressway is "cannot communicate with the server". Today's tip is about how to effectively troubleshoot this problem.
Cisco Jabber login error when trying to communicate using Mobile and Remote Access via Cisco Expressway: "cannot communicate with the server".