In this blog I will give you a quick, general overview of what Cisco Expressway is. I will cover the basic fundamentals of its purpose and how it works. Cisco Jabber is a popular software-based communication platform used in conjunction with CUCM (Cisco Unified Communications Manager). You can use the Cisco Jabber program to place calls from your computer, send instant messages and see people's presence information. Jabber is a popular collaboration solution and is easily implemented internally on a corporate network. When the Cisco UCM server is located inside your organisation's network, protected by a firewall, there is a level of complexity in allowing Jabber to connect from outside that network. This is where you would look at implementing Cisco Expressway.
Firewalls are stateful, which means connections that are initiated from inside the network to the outside are trusted. All outbound traffic will be trusted and all reply traffic will be allowed, as the session was initiated internally. Any connection from outside that tries to establish a session with someone on the inside of the network will be denied. There are some scenarios where we want connections from the internet to access the internal network. To do this we create a DMZ, or demilitarised zone. The resource is placed into this zone and the communication between the DMZ and the internal network is restricted.
Expressway Setup Overview
To set up Cisco Expressway you will need to set up two servers. You will install one of your Expressway servers on your internal network (Cisco Expressway-C, or core server) and the other inside a DMZ (Cisco Expressway-E, or edge server). Your remote device will connect to the Expressway-E server and, with help from some firewall rules, the Expressway-E server will talk to the internal Expressway-C server. The session established between the two servers will remain up. Your remote devices will then connect to the internal Cisco Unified Communications server successfully.
From my experience, I found the most important implementation item when setting up Cisco Expressway is correctly configuring your DNS and SRV records. Correct internal and external DNS and SRV records are what allow the remote device to successfully register with your Cisco Call Manager. You will need SRV records, or service locator records, to help locate the call manager services of a system. In this instance we are locating the service of the Cisco Call Manager. Doing this ensures that your external device knows the external SRV record of your Expressway-E server.
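The following is an added example, not part of the original post: a small audit of the internal and external SRV layout described above, run over constructed zone data. The record names `_collab-edge._tls` and `_cisco-uds._tcp`, port 8443, and the `example.com` hostnames and addresses are assumptions used for illustration and do not come from this post.

```python
# Added example: audit split-DNS SRV records for an Expressway deployment.
# Record names and port are assumptions (not stated in the post).
EDGE_SRV = "_collab-edge._tls"   # external view: points at Expressway-E
UDS_SRV = "_cisco-uds._tcp"      # internal view: points at the call manager

# Constructed sample zone data (example.com is a placeholder domain).
EXTERNAL_ZONE = """
_collab-edge._tls.example.com. 3600 IN SRV 10 10 8443 expe.example.com.
expe.example.com.              3600 IN A   203.0.113.10
"""
INTERNAL_ZONE = """
_cisco-uds._tcp.example.com.   3600 IN SRV 10 10 8443 cucm.example.com.
cucm.example.com.              3600 IN A   10.0.0.20
"""

def parse_zone(text):
    """Return (srv, hosts): SRV owner -> [(prio, weight, port, target)], A-record owners."""
    srv, hosts = {}, set()
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[2] != "IN":
            continue
        owner, rtype = f[0].lower(), f[3].upper()
        if rtype == "SRV" and len(f) == 8:
            srv.setdefault(owner, []).append((int(f[4]), int(f[5]), int(f[6]), f[7].lower()))
        elif rtype == "A":
            hosts.add(owner)
    return srv, hosts

def audit(domain, external, internal):
    """Return a list of findings; an empty list means the layout matches the assumptions."""
    findings = []
    ext_srv, ext_hosts = parse_zone(external)
    int_srv, _ = parse_zone(internal)
    edge, uds = f"{EDGE_SRV}.{domain}.", f"{UDS_SRV}.{domain}."
    if edge not in ext_srv:
        findings.append(f"external DNS lacks {edge}: remote clients cannot find Expressway-E")
    for _, _, port, target in ext_srv.get(edge, []):
        if target not in ext_hosts:
            findings.append(f"{edge} target {target} has no external A record")
        if port != 8443:
            findings.append(f"{edge} uses port {port}, expected 8443")
    if uds in ext_srv:
        findings.append(f"{uds} is visible externally: internal service location is exposed")
    if uds not in int_srv:
        findings.append(f"internal DNS lacks {uds}: on-network clients cannot find the call manager")
    return findings

if __name__ == "__main__":
    print(audit("example.com", EXTERNAL_ZONE, INTERNAL_ZONE) or "SRV layout OK")
```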
Cisco Expressway is a great tool to allow your users to stay connected via Jabber regardless of whether they are internal or external to your network. Hopefully this quick overview gives you an understanding of how Cisco Expressway operates and how the firewall traversal technique allows Jabber clients to connect both internally and externally.