Manual
Table Of Contents
- Preface
- Introduction
- Process Summary
- Prerequisites
- Run the Service Setup Wizard
- VCS System Configuration
- Routing Configuration
- Pre-search Transforms
- Search Rules
- Task 8: Configuring Transforms
- Task 9: Configuring Local Zone Search Rules
- Task 10: Configuring the Traversal Zone
- Neighboring Between VCS Clusters
- Task 11: Configuring Traversal Zone Search Rules
- Task 12: Configuring the DNS Zone
- Task 13: Configuring DNS Zone Search Rules
- Task 14: Configuring External (Unknown) IP Address Routing
- Endpoint Registration
- System Checks
- Maintenance Routine
- Optional Configuration Tasks
- Appendix 1: Configuration Details
- Appendix 2: DNS Records
- Appendix 3: Firewall and NAT Settings
- Appendix 4: Advanced Network Deployments
- Obtaining Documentation and Submitting a Service Request
- Cisco Legal Information
- Cisco Trademark
The VCS allows you to install a certificate that can represent the VCS as either a client or a server in connections
using TLS. The VCS can also authenticate client connections (typically from a web browser) over HTTPS. You can
also upload certificate revocation lists (CRLs) for the CAs used to verify LDAP server and HTTPS client certificates.
The VCS can generate server certificate signing requests (CSRs). This removes the need to use an external
mechanism to generate certificate requests.
For secure communications (HTTPS and SIP/TLS) we recommend that you replace the VCS default certificate with a
certificate generated by a trusted certificate authority.
Note that in connections:
■ to an endpoint, the VCS acts as the TLS server
■ to an LDAP server, the VCS is a client
■ between two VCS systems, either VCS may be the client with the other VCS being the TLS server
■ via HTTPS, the web browser is the client and the VCS is the server
TLS can be difficult to configure. For example, when using it with an LDAP server we recommend that you confirm the
system is working correctly over TCP before attempting to secure the connection with TLS. We also recommend
using a third party LDAP browser to verify that your LDAP server is correctly configured for TLS.
Note: Be careful not to allow your CA certificates or CRLs to expire. This may cause certificates signed by those CAs
to be rejected.
To load the trusted CA list, go to Maintenance > Security certificates > Trusted CA certificate.
To generate a CSR and/or upload the VCS's server certificate, go to Maintenance > Security certificates > Server
certificate.
For full information, see VCS Certificate Creation and Use Deployment Guide on the VCS configuration guides page.
Task 6: Configuring NTP Servers
The NTP server address fields set the IP addresses or Fully Qualified Domain Names (FQDNs) of the NTP servers to
be used to synchronize system time. The Time zone sets the local time zone of the VCS.
To configure the NTP server address and time zone:
1. Go to System > Time.
2. Configure the fields as follows, on both VCS Control and VCS Expressway:
VCS Control VCS Expressway
NTP server 1 Enter pool.ntp.org Enter pool.ntp.org
Time zone GMT in this example GMT in this example
3. Click Save.
22
Cisco VCS Expressway and VCS Control - Basic Configuration Deployment Guide
VCS System Configuration