Webex Site Requirements

Your site must have an A-Flex, A-WBX, or A-SPK SKU with a Webex Edge Audio package.

Cisco Unified Communications Manager and Expressway Version Requirements

  • Unified CM 10.5 and later

  • Expressway Version X8.10 and later

DNS SRV Records for Expressway-E

You must publish DNS SRV records for your Expressway-Es so that Webex can route secure SIP calls to your premises.

The DNS SRV record must specify the Expressway-E cluster's mutual TLS port (the default mutual TLS port is 5062).

You cannot reuse existing MRA (_collab-edge._tcp), or business to business (_sips._tcp) SRV records because Edge Audio requires that the SRV records resolve to the Expressway-E cluster's mutual TLS port. Both MRA and business to business can't use mutual TLS.

The hostnames (FQDNs) in the DNS SRV records must resolve to the Expressway-E cluster's IP addresses through DNS A/AAAA record(s).

DNS SRV and A/AAAA Record Examples

For example, if you're implementing Edge Audio and have a cluster of three Expressway-Es, the DNS SRV records might be something like this:

Secure SIP SRV record

_service._proto.name.

TTL

Class

SRV

Priority

Weight

Port

Target

_sips._tcp.edge.example.com.

86400

IN

SRV

10

10

5062

expe1.example.com.

_sips._tcp.edge.example.com.

86400

IN

SRV

10

10

5062

expe2.example.com.

_sips._tcp.edge.example.com.

86400

IN

SRV

10

10

5062

expe3.example.com.


We recommend using a subdomain, such as edge.example.com in this example, to avoid conflicts with existing secure SIP SRV records not resolving to the Expressway-E cluster’s mutual TLS ports. For example, you may already have published _sips._tcp.example.com. for business to business video calls and these records must not resolve to the Expressway-E cluster’s mutual TLS port.

A/AAAA records

Name

TTL

Class

A

Address

expe1.example.com.

86400

IN

A

203.0.113.11

expe2.example.com.

86400

IN

A

203.0.113.13

expe3.example.com.

86400

IN

A

203.0.113.15

Sizing Your Expressway Clusters

The following table shows you the recommended amount of concurrent Edge Audio calls an expressway can handle.

Expressway call capacity

Nodes in an Expressway-C and Expressway-E cluster

Medium Expressway

Large Expressway

1

200

1000

2

400

2000

3

600

3000

4

800

4000

5

800

4000

6

800

4000

Adding more than 4 expressways to a cluster improves the cluster's resilience to failure. A cluster can have a maximum of 6 expressways.

For more details, see the Cisco Expressway Cluster Creation and Maintenance Deployment Guide.

Apply Signed Certificate from Trusted Certificate Authority

Edge Audio requires a signed certification from a trusted Certificate Authority (CA). Use the link below to get to a list of certificate authorities that Cisco trusts. Certificates signed by authorities in this list are considered valid and the connection will be allowed. What Root Certificate Authorities are Supported for Calls to Cisco Webex Audio and Video Platforms?

Handling of Incoming Call from Webex

You must allow E.164 numbers to traverse your Expressway-E, and route calls based on your configuration for users on your network and connected to your Unified CM, and users off your network, like those connected to mobile phone.

We recommend rejecting the calls with E.164 numbers where source zone is a Default Zone in Expressway-E. DNS Zone created in Expressway-E, for Webex, must have Mutual TLS on with Webex Subject Alternate Name (SAN) verification.

Open Required Firewall Ports

After you complete the Unified CM and Expressway configurations, you must open the necessary firewall ports. Refer to this article: https://collaborationhelp.cisco.com/article/WBX264 for Network Requirement information, and what ports to open.