Configuration section:
|
Name
|
The name acts as a unique identifier, allowing you to distinguish between zones of the same type.
|
|
Type
|
The nature of the specified zone, in relation to the local Expressway. Select Traversal server.
|
After a zone has been created, the Type cannot be changed.
|
Hop count
|
The hop count is the number of times a request will be forwarded to a neighbor gatekeeper or proxy (see the Hop counts section for more information). This field specifies the hop count to use when sending a search request to this particular
zone.
|
If the search request was received from another zone and already has a hop count assigned, the lower of the two values is
used.
|
Connection credentials section:
|
Username
|
Traversal clients must always authenticate with traversal servers by providing their authentication credentials.
The authentication username is the name that the traversal client must provide to the Expressway-E. (It is configured as the
connection credentials Username in its traversal client zone.)
|
There must also be an entry in the Expressway-E's local authentication database for the client’s authentication username and
password. To check the list of entries and add it if necessary, go to the Local authentication database page. Either:
|
H.323 section:
|
Mode
|
Determines whether H.323 calls are allowed to and from the traversal client.
|
|
Protocol
|
Determines the protocol (Assent or H.460.18) to use to traverse the firewall/NAT.
|
See Configuring Ports for Firewall Traversal for more information.
|
Port
|
The port on the local Expressway-E to use for H.323 calls to and from the traversal client.
|
|
H.460.19 demultiplexing mode
|
Determines whether or not the same two ports are used for media by two or more calls.
On: All calls from the traversal client use the same two ports for media.
Off: Each call from the traversal client uses a separate pair of ports for media.
|
|
SIP section:
|
Mode
|
Determines whether SIP calls are allowed to and from the traversal client.
|
|
Port
|
The port on the local Expressway-E to use for SIP calls to and from the traversal client.
|
This must be different from the listening ports used for incoming TCP, TLS and UDP SIP calls (typically 5060 and 5061).
|
Transport
|
Determines which transport type is used for SIP calls to and from the traversal client. The default is TLS.
|
|
Unified Communications services
|
Controls whether this traversal zone provides Unified Communications services, such as mobile and remote access.
|
If enabled, this zone must also be configured to use TLS with TLS verify mode enabled.
This setting only applies when Unified Communications mode is set to Mobile and remote access.
|
TLS verify mode and subject name
|
Controls X.509 certificate checking and mutual authentication between this Expressway and the traversal client.
If TLS verify mode is enabled, a TLS verify subject name must be specified. This is the certificate holder's name to look for in the traversal client's X.509 certificate.
|
If the traversal client is clustered, the TLS verify subject name must be the FQDN of the cluster.
See TLS Certificate Verification of Neighbor Systems for more information.
|
Accept proxied registrations
|
Controls whether proxied SIP registrations routed through this zone are accepted.
|
This setting only applies to registration requests for a domain for which the Expressway is acting as a Registrar. For requests
for other domains the SIP Registration Proxy Mode setting applies. See Proxying registration requests for more information.
|
Media encryption mode
|
Controls the media encryption policy applied by the Expressway for SIP calls (including interworked calls) to and from this
zone.
|
See Configuring Media Encryption Policy for more information.
|
ICE support
|
Controls whether ICE messages are supported by the devices in this zone.
|
See Configuring ICE Messaging Support for more information.
|
ICE Passthrough support
|
Controls how the Expressway supports ICE Passthrough in this zone.
|
ICE Passthrough support takes precedence over ICE support. Best practice is to turn on ICE Passthrough support and turn off
ICE support.
Configuration details and required versions for ICE passthrough are in the Mobile and Remote Access Through Cisco Expressway Guide on the Expressway Configuration Guides page.
|
Multistream mode
|
Controls whether the Expressway B2BUA allows multistream calls to be negotiated between calling parties.
On: Expressway allows the calling parties to negotiate and set up a multistream call through this zone
Off: Expressway rejects multistream negotiation through this zone. The calling parties should fall back on negotiating a standard
call.
|
This toggle has no effect on the call when the call does not traverse the B2BUA.
The default is On because we expect calling parties to respond correctly to each other if they do not both have multistream capability. However,
if you are having trouble with configuring multistream between the calling parties, you may wish to disable multistream mode
to check if the calling parties can negotiate a standard call.
In the case of a TelePresence Server, a standard call means that the TelePresence Server composes the streams from multiple
participants into one "conference stream" to send to the endpoint, instead of sending multiple streams to the endpoint to process in its own way.
|
Poison mode
|
Determines if SIP requests sent to systems located via this zone are "poisoned" such that if they are received by this Expressway again they will be rejected.
|
|
Preloaded SIP routes support
|
Switch Preloaded SIP routes support
On to enable this zone to process SIP INVITE requests that contain the Route header. Switch Preloaded SIP routes support
Off if you want the zone to reject SIP INVITE requests containing this header.
|
|
SIP parameter preservation
|
Determines whether the Expressway's B2BUA preserves or rewrites the parameters in SIP requests routed via this zone.
|
On preserves the SIP Request URI and Contact parameters of requests routing between this zone and the B2BUA.
Off allows the B2BUA to rewrite the SIP Request URI and Contact parameters of requests routing between this zone and the B2BUA,
if necessary.
Default: Off
|
AES GCM support
|
Enables AES GCM algorithms to encrypt/decrypt media passing through this zone.
|
This is disabled by default. You should enable it if the calling parties are trying to negotiate AES GCM.
|
SIP UPDATE for session refresh
|
Determines whether this zone supports the SIP UPDATE method to send and receive session refresh requests.
|
On: This zone sends and receives SIP UPDATE for session refresh requests.
Off: This zone does not allow SIP UPDATE for session refresh requests.
Default: Off
|
Authentication section:
|
Authentication policy
|
Controls how the Expressway authenticates incoming messages from this zone and whether they are subsequently treated as authenticated,
unauthenticated, or are rejected. The behavior varies for H.323 messages, SIP messages that originate from a local domain
and SIP messages that originate from non-local domains.
|
See Authentication policy for more information.
|
UDP / TCP probes section:
|
UDP retry interval
|
The frequency (in seconds) with which the client sends a UDP probe to the Expressway-E if a keep alive confirmation has not
been received.
|
The default UDP and TCP probe retry intervals are suitable for most situations. However, if you experience problems with NAT
bindings timing out, they may need to be changed.
|
UDP retry count
|
The number of times the client attempts to send a UDP probe to the Expressway-E during call setup.
|
|
UDP keep alive interval
|
The interval (in seconds) with which the client sends a UDP probe to the Expressway-E after a call is established, in order
to keep the firewall’s NAT bindings open.
|
|
TCP retry interval
|
The interval (in seconds) with which the traversal client sends a TCP probe to the Expressway-E if a keep alive confirmation
has not been received.
|
|
TCP retry count
|
The number of times the client attempts to send a TCP probe to the Expressway-E during call setup.
|
|
TCP keep alive interval
|
The interval (in seconds) with which the traversal client sends a TCP probe to the Expressway-E when a call is in place, in
order to maintain the firewall’s NAT bindings.
|
|