Why do we need the Cisco Expressway solution when the AnyConnect VPN solution already exists?

In the past, before the Cisco Expressway solution, employees connecting from the internet had to use a VPN client (such as AnyConnect) to register their Jabber client with the enterprise's call control, CUCM, which for security purposes resides in the inside network. A VPN client does give end users a secure way to register their Cisco Jabber client when they are located on the internet, but it comes with several constraints:

- The administrators need to ensure that the correct VPN client (AnyConnect) is installed on each employee's PC.

- If it is not installed, the employees have to be taught to access the clientless SSL VPN portal of the firewall (the ASA, from Cisco's perspective), log in to the portal and download the AnyConnect installer.

- Once the VPN client is installed, the employees use it with their own credentials to access the inside network of the office, so that they have reachability and connectivity to the call control (CUCM). AnyConnect provides full access to the inside network, although this access can be restricted with an ACL applied through the VPN-Filter. This traditional VPN client solution protects both data and voice traffic.

The Cisco Expressway solution was introduced to avoid the tasks of installing a VPN client and of educating end users about how to download the correct version of the VPN client and how to use it, and to limit access to voice traffic only.

The idea behind the Cisco Expressway solution is to provide secure registration of the Cisco Jabber client without a VPN client installed: a dedicated security solution for collaboration (voice traffic). The goal is a VPN-less solution, so that end users are not disturbed by software installation issues.

The other idea is to improve the end users' experience by performing the secure registration in the background, using DNS SRV records to locate the Cisco Expressway Edge. In other words, end users no longer need training on how to access the SSL portal of the ASA or how to install and use the VPN client. Instead, the end users enter their credentials using a public domain, and in the background a TLS connection is automatically established to the Expressway Edge and proxied to the enterprise's call control through the Cisco Expressway Core.
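The background discovery described above depends on what each DNS view publishes, so the following added example (not code from the original article or from Cisco) models the client's path decision and audits an internet-facing view. It assumes the SRV names `_collab-edge._tls` and `_cisco-uds._tcp` used by Jabber service discovery and port 8443 for the edge record; `example.com` and all host names are constructed placeholders.

```python
from typing import NamedTuple

class SRV(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str

EDGE = "_collab-edge._tls"    # assumed SRV name pointing at the Expressway Edge
INTERNAL = "_cisco-uds._tcp"  # assumed SRV name pointing at CUCM on the inside

# Constructed DNS views of the same domain (placeholder host names).
EXTERNAL_VIEW = {EDGE: [SRV(10, 10, 8443, "expe2.example.com."),
                        SRV(5, 10, 8443, "expe1.example.com.")]}
INTERNAL_VIEW = {INTERNAL: [SRV(10, 10, 8443, "cucm1.corp.example.com.")]}

def order(records):
    """RFC 2782 ordering: lowest priority first. The weighted random pick
    inside one priority is simplified to highest weight first (deterministic)."""
    ranked = sorted(records, key=lambda r: (r.priority, -r.weight))
    return [(r.target.rstrip("."), r.port) for r in ranked]

def discover(view):
    """Model the client's decision: direct to CUCM if the internal record
    resolves, otherwise TLS to the Expressway Edge, otherwise nothing."""
    if view.get(INTERNAL):
        return "direct", order(view[INTERNAL])
    if view.get(EDGE):
        return "expressway", order(view[EDGE])
    return "none", []

def audit_external(view):
    """Return findings for the DNS view that internet clients see."""
    findings = []
    if view.get(INTERNAL):
        findings.append("internal SRV published externally: CUCM host names "
                        "leak and remote clients bypass the Expressway path")
    if not view.get(EDGE):
        findings.append("no edge SRV: remote clients cannot locate the "
                        "Expressway Edge")
    for r in view.get(EDGE, []):
        if r.port != 8443:
            findings.append(f"{r.target} advertises port {r.port}, expected 8443")
    return findings

if __name__ == "__main__":
    print(discover(EXTERNAL_VIEW))
    print(audit_external(dict(EXTERNAL_VIEW, **INTERNAL_VIEW)))
```
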

Published by:

Redouane MEDDANE

Redouane MEDDANE is a Cisco Instructor (CCSI #35458), 3xCCNP (Collaboration, Security and Enterprise), and a published author of some of the most important OSPF protocol, security and collaboration books in the world, titled OSPF Demystified With RFC, Network Security All-in-one, and Dial Plan and Call Routing Demystified on CUCM. He is also a blogger at ipdemystify.com and writes articles about collaboration and security to demystify the most complex topics. His books are known for their technical depth and accuracy, especially OSPF Demystified With RFC, which is considered the best OSPF book in the world and was named "One of the best OSPF ebooks of all time" by BookAuthority. It gives you a hint of his ability to explain complex topics with remarkable ease. He has worked as a Cisco instructor and consultant at different Cisco Learning Partners and was awarded the Cisco Distinguished Instructor Award and the Cisco Security Instructor Excellence Award twice, in 2018 and 2019, and the Cisco Collaboration Instructor Excellence Award in 2020. The Distinguished Instructor Award recognizes the top 5% of Cisco's most influential CCSIs, who provide the highest quality training experience and demonstrate the best overall instructor performance across multiple Cisco technologies, and the Instructor Excellence Award recognizes the top 25% of elite CCSIs for delivering top quality training and maintaining high customer satisfaction in their field of expertise.
