
Cisco Expressway Mobile Remote Access (MRA)

Mobile and Remote Access (MRA) allows remote and mobile workers to securely access the corporate collaboration services without the need for a VPN. It facilitates secure connections for voice, video, instant messaging, and presence directly through the Expressway edge and core servers, enabling seamless communication as if users were within the corporate network.


Here’s the topology for this MRA deployment



Installing Expressways

First, deploy two Expressway VMs: one for Expressway Core and the other for Expressway Edge



Run the CLI configuration and the web UI should be accessible right after



Expressway Core

On the Expressway Core VM, select Expressway-C and for the service select MRA



Configure the IP address, credentials, DNS and NTP



And that should do it for the Exp-C configuration



Expressway Edge

For the Edge, select Expressway-E at the beginning and the rest should be roughly the same



Because Exp-E uses two interfaces, go to System » Network interfaces and configure the Internal and External interfaces



Configuring CUCM Integration

Expressway C

On Core, go to Configuration » Unified Communications, set the mode to MRA and configure the authentication method



Next add the CUCM servers



Expressway E

On Edge, go to Configuration » Unified Communications and select MRA



Configuring Domains

Expressway C

On Core, go to Configuration » Domains, enter the domain name and select the supported services



Dealing with Certificates

Expressway C

On Core, go to Maintenance » Security » Server certificate and select Generate CSR



Then sign the CSR on the Certificate Authority using the Client Server Auth template



Next, add the Root CA certificate to the Trusted CA Certificates



Back to Server certificate, finish the CSR by uploading the signed certificate



Expressway E

Repeat the process for the Edge



Creating Zone

Expressway E

On the Edge, go to Configuration » Zones, create the traversal zone pointing to the Core



Expressway C

On the Core, enter the same credential and port as configured on the Edge



And add the Edge’s address as the peer



Now we can see the traversal zone is active

Expressway C


Expressway E



Configuring DNS SRV

In the public (internet) DNS, configure the hostname to point to the Edge's external NAT IP address



Then create a DNS SRV record _collab-edge that points to the Edge’s FQDN



Run nslookup to validate the configuration

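The nslookup check above can be turned into a repeatable validation. The script below is an added example, not part of the original post: it parses public-DNS answers in zone-file (dig) format and checks the SRV name `_collab-edge._tls.<domain>`, the port 8443 that MRA clients expect, the A record of the SRV target, and, going beyond the post, that `_cisco-uds._tcp` is not published externally. The Edge host name `expe.helena.gg` and its address are constructed placeholders.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed answers in zone-file (dig) format. The Edge host name and its
# address are placeholders, not values taken from the post.
SAMPLE = """\
_collab-edge._tls.helena.gg. 300 IN SRV 10 10 8443 expe.helena.gg.
expe.helena.gg. 300 IN A 203.0.113.10
"""

def parse(text):
    """Return (owner, type, rdata fields) per record; owner lower-cased, no trailing dot."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[2].upper() == "IN":
            out.append((f[0].rstrip(".").lower(), f[3].upper(), f[4:]))
    return out

def check_mra_dns(domain, text):
    """Return a list of problems with the public MRA records (empty list = OK)."""
    recs, problems = parse(text), []
    name = f"_collab-edge._tls.{domain}"
    srv = [r for o, t, r in recs if o == name and t == "SRV" and len(r) == 4]
    if not srv:
        return [f"no SRV record for {name}"]
    for _prio, _weight, port, target in srv:
        target = target.rstrip(".").lower()
        if port != "8443":
            problems.append(f"{target}: SRV port {port}, MRA clients expect 8443")
        addrs = [r[0] for o, t, r in recs if o == target and t == "A"]
        if not addrs:
            problems.append(f"{target}: SRV target has no A record")
        for a in addrs:
            if any(ipaddress.ip_address(a) in net for net in RFC1918):
                problems.append(f"{target}: {a} is an internal address, not the external NAT IP")
    # Jabber looks up _cisco-uds first; if that resolves in public DNS the
    # client behaves as if it were on-premises and does not attempt MRA.
    if any(o == f"_cisco-uds._tcp.{domain}" and t == "SRV" for o, t, _ in recs):
        problems.append("_cisco-uds._tcp is visible in public DNS; keep it internal only")
    return problems

if __name__ == "__main__":
    print(check_mra_dns("helena.gg", SAMPLE) or "external MRA records look consistent")
```

Feed it the output of `dig +noall +answer` run from outside the corporate network, so the result reflects what a remote client actually resolves.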


Logging in using MRA

Now, from the internet, when we try to reach the helena.gg domain, the endpoint uses the _collab-edge DNS SRV record to locate the CUCM service



On Maintenance » Logging, we can see the logs of the users authenticating to CUCM through Expressway



This post is licensed under CC BY 4.0 by the author.