Implementing and Operating Cisco Collaboration Core Technologies (CLCOR) — Question 132
Which action is required for a firewall configuration on a Mobile and Remote Access through Cisco Expressway deployment?
Answer options
- A. The external firewall must allow these inbound connections to Expressway: SIP: TCP 5061; HTTPS: TCP 8443; XMPP: TCP 5222; Media: UDP 36002 to 59999.
- B. The internal firewall must allow these inbound and outbound connections between Expressway-C and Expressway-E: SIP: HTTPS (tunneled over SSH between C and E): TCP 2222: TCP 7001; Traversal Media: UDP 2776 to 2777 (or 36000 to 36011 for large VM/appliance); XMPP: TCP 7400.
- C. Do not use a shared address for Expressway-E and Expressway-C, as the firewall cannot distinguish between them. If static NAT for IP addressing on Expressway-E is used, ensure that any NAT operation on Expressway-C does not resolve the same traffic IP address. Shared NAT is not supported.
- D. The traversal zone on Expressway-C points to Expressway-E through the peer address field on the traversal zone, which specifies the Expressway-E server address. For dual NIC deployments, set the Expressway-E address using an FQDN that resolves the IP address of the internal interface.
Correct answer: A
Explanation
Option A is correct because it outlines the necessary inbound connections that the external firewall must allow for proper operation of the Cisco Expressway deployment. The other options describe internal configurations or restrictions that are important but do not address the external firewall requirements, making them incorrect in this context.