In the past without Cisco Expressway solution, employees behind internet had the need to use the VPN Client (like vpn anyconnect) in order to register their Jabber Client into the the enterprise’s Call Control CUCM which is basically and for security purposes resides in the inside network, yes VPN Client is a solution for the end users and employees to provide a secure registration of their Cisco Jabber Client when they are located in the internet, but there are many constraints:
-The administrators needs to ensure the correct VPN Client (AnyConnect) is installed on the pc’s employee.
-If it is not installed, the employees should be educated to access the SSL VPN Clientless portal of the firewall (ASA from Cisco s’perspective), login into the portal and download the AnyConnect installer.
-Once the VPN Client installed, the employees will use the VPN Client and their own credentials to access the inside network of the office in order to have the reachability and connectivity to the Call Control (CUCM). The VPN AnyConnect provides full access to the inside network but we can control this access through ACL through the VPN-Filter. This traditional VPN Client solution protects both the DATA and VOICE Traffic.
The advent of the Cisco Expressway Solution is to avoid the tasks of installing a VPN Client, limit the access to the voice traffic only and educate the end users about how to download the correct version of VPN client and how to use it.
The idea behind the Cisco Expressway solution is to provide a secure registration of Cisco Jabber Client without a VPN client installed, a dedicated security solution for collaboration (voice traffic), so the goal providing a LESS-VPN Solution so that the end users are not disturbed by softwares installation issues.
The other idea is to improve the end users ‘s experience by providing a secure registration in the background (in other words using the DNS SRV records to locate the Cisco Expressway Edge), in other words we will not disturb the end user by a trainings ( how to access the SSL portal of the ASA and how to install and to use the VPN client). Instead the end users has to put their credentials using a public domain and automatically in the background a TLS connection is triggered to the Expressway Edge and proxied to the enterprise ‘s Call Control through the Cisco Expressway Core.