Mobile and Remote Access (MRA) Secure Phone Registration | Cisco Exam 400-051

SAN Entries for Secure Phone Registration

Prev Question Next Question

Question

When deploying Mobile and Remote Access (MRA), which two SAN entries are mandatory in the Expressway Series certificates for secure phone registration? (Choose two.)

Answers

A. Unified CM Phone security profile name in Expressway-C certificate

B. Unified CM registration domain in Expressway-C certificate

C. Unified CM Phone security profile name in Expressway-E certificate

D. IM and Presence Chat node alias in Expressway-C certificate

E. IM and Presence Chat node alias in Expressway-E certificate

F. Unified CM registration domain in Expressway-E certificate.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E. F.

AE.

When deploying Mobile and Remote Access (MRA), both Expressway-C and Expressway-E servers must have valid certificates that are trusted by the endpoints and by each other.

The SAN (Subject Alternative Name) field of the certificates needs to include the necessary entries to support secure phone registration through MRA.

The following SAN entries are mandatory in the Expressway Series certificates for secure phone registration:

B. Unified CM registration domain in Expressway-C certificate: This is the registration domain of the Cisco Unified Communications Manager (CUCM) cluster that the endpoint is registered to. This value must match the "Device Name" field of the endpoint's configuration in CUCM.

F. Unified CM registration domain in Expressway-E certificate: This is the registration domain of the Cisco Unified Communications Manager (CUCM) cluster that the Expressway-C server is paired with. This value must match the "Traversal Zone" configuration in both the Expressway-C and CUCM.

In addition to these two mandatory entries, the following entries are optional but recommended for a fully functional MRA deployment:

A. Unified CM Phone security profile name in Expressway-C certificate: This is the name of the security profile that is assigned to the endpoint in CUCM. This value must match the "Phone Security Profile" field of the endpoint's configuration in CUCM.

C. Unified CM Phone security profile name in Expressway-E certificate: This is the name of the security profile that is assigned to the MRA-enabled SIP trunk on the Expressway-C server. This value must match the "Phone Security Profile" field of the SIP trunk's configuration in CUCM.

D. IM and Presence Chat node alias in Expressway-C certificate: This is the hostname of the IM and Presence server (IM&P) that the endpoint is registered to. This value must match the "IM&P Server" field of the endpoint's configuration in CUCM.

E. IM and Presence Chat node alias in Expressway-E certificate: This is the hostname of the IM&P server that the Expressway-C server is paired with. This value must match the "IM&P Server" field of the SIP trunk's configuration in CUCM.

In summary, the mandatory SAN entries for secure phone registration through MRA are the registration domain of the CUCM cluster in the Expressway-C and Expressway-E certificates. The additional optional entries are the security profile name and the IM&P server hostname.

Prev Question Next Question