The transport protocol between expwe-e and c has to be TLS. The communication between the two has to be fully encrypted.
For the certificates, you need to install two certs on expwe and c..
1. The root CA certificate
2. Expwe and C certificates as server certs.
You need to generate CSR...
Generate CSR, send to CA to sign and use web and client server template
Upload cert as server certs.
Secondly on the issue you are having, it looks like you need to check your configuration. Looking at the logs the call is not matching the correct search rule. There is an auto generated rule that is configured when expressway-c does CUCM discovery. Even though this rule appears to be present, this call is not matching that rule..
Hence this call is then routed via a static rule you have defined..
Detail="Considering search rule 'Route to CUCM cluster' towards target 'to CUCM cluster' at priority '34' with alias 'firstname.lastname@example.org'"
This is what a normal MRA search rule should look like..
Detail="Considering search rule 'CEtcp-uclabcucm-sub' towards target 'CEtcp-uclabcucm-sub' at priority '45' with alias 'uclabcucm-sub;transport=tcp;lr'"
From the logs this call doesn't proceed like a MRA call. You should check your configuration.
In any case the reason why this call is failing is because expressway-e sends an ACK to the 200 OK sent by expressway-c contains no SDP and the reason is because the original INVITE from sx20 to expwe doesn't have any SDP in it..
You should enable Early offer on the SIP profile, assigned to SX20.
Here is the original invite from expressway-e to c
2. Your test call though its going through epxwe, is not a MRA call. I gave you a detailed explanation above. Another thing that is incorrect is that your cucm servers are defined with ip address, this wont work with MRA. This is why your auto generated rule is not working. When expwc creates the serach rule, it uses the format 'CEtcp-hostname'
This hostname needs to be what you configure on cucm and also in your UDS DNS SRV records.
3. I gave you lots of thoughts on why your call is failing..Please read the log analysis and my suggestion....enable early offer on your SX20 sip profile..
Please rate all useful posts
"The essence of christianity is not the enthronement but the obliteration of self --William Barclay"
The short answer is that you don't.... That isn't entirely true while at
the same time it kind of is, but for the most part you don't configure
the softkeys. You enable or disable them via TCL. Here is the long
answer. Be sure to read the whole thing or e...
Topology: IP Phone > Switches > Microsoft NPS setup to forward 802.1x
proxy to > ISE 2.1 patch 3 Authentication: EAP-TLS using Cisco MIC SANs
Phone Models 802.1X support? 802.1x flavor Addtl Comment EAP-MD5 EAP-TLS
Cisco 3905 Y Y N Cisco 6911 Y Y N Cisco ...
This document describe how DST changes and how time changes are
implemented in DST. Daylight Saving Time (DST) is the practice of
setting the clocks forward 1 hour from standard time during the summer
months, and back again in the fall, in order to make b...