Use this information to learn about the port numbers, protocols, IP address ranges, domains you must approve before you use Cloud-Connected UC.

Prerequisites

  • Ensure that you're able to log in to admin.webex.com. For more info, see Get Started with Cisco Webex Control Hub.

  • Bandwidth Usage: For a larger cluster, ensure that you have at least 2 MBPS of bandwidth.

  • Network Proxy: The CCUC service supports both unauthenticated and authenticated HTTP proxies. The supported proxy authentication schemes are Basic and Digest.

  • Cloud-Connected UC cloud port 443 must be reachable from customer environment.

  • Enable CDR and CMR in Unified CM.

Types of Traffic

Data over HTTPS connections is outbound only and uses URLs for communication.

Cloud-Connected UC only supports TLS version 1.2.

URLs Required to Access CCUC Service

If your organization uses a proxy, ensure that you can access the following URLs:

*.ucmgmt.cisco.com

*.webex.com

IP addresses are chosen from the available Cisco and Amazon Web Services (AWS) address pools.

Data Encryption in Transit

Cloud-Connected UC agents validate the Cloud-Connected UC connection with a certificate (Hydrant certificate). This ensures that the certificates presented when a TLS session establishes can be validated against the trusted root CA certificates. The trusted root CA certificates are installed on the device operating system.

Cloud-Connected UC doesn't offer Online Certificate Status Protocol (OCSP) Stapling to check the validity of the SSL certificate.


Currently only TLS version 1.2 is supported.

Unified CM Release

Cipher

11.5 to 12.0(x)

  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305

  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

12.5 and later

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • DH-DSS-AES256-GCM-SHA384

  • DH-RSA-AES256-GCM-SHA384

  • DHE-RSA-AES256-GCM-SHA384

  • DH-DSS-AES128-GCM-SHA256

  • DH-RSA-AES128-GCM-SHA256

  • DHE-RSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

  • DHE-RSA-AES256-SHA256

  • DH-RSA-AES256-SHA256

  • DH-DSS-AES256-SHA256

  • DHE-RSA-AES256-SHA

  • DH-RSA-AES256-SHA

  • DH-DSS-AES256-SHA

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES128-SHA

  • DHE-RSA-AES128-SHA256

  • DH-RSA-AES128-SHA256

  • DH-DSS-AES128-SHA256

  • DHE-RSA-AES128-SHA

  • DH-RSA-AES128-SHA

  • DH-DSS-AES128-SHA

  • DHE-RSA-CAMELLIA256-SHA

  • DH-RSA-CAMELLIA256-SHA

  • DH-DSS-CAMELLIA256-SHA

  • DHE-RSA-CAMELLIA128-SHA

  • DH-RSA-CAMELLIA128-SHA

  • DH-DSS-CAMELLIA128-SHA

  • AES256-GCM-SHA384

  • AES128-GCM-SHA256

  • AES256-SHA256

  • AES256-SHA

  • AES128-SHA256

  • AES128-SHA

  • CAMELLIA256-SHA

  • CAMELLIA128-SHA

What to Do Next