Pre-search transform configuration allows the destination alias (called address) in an incoming search request to be modified. The Expressway applies the transformation before any searches are sent to external zones.

The pre-search transform configuration described in this document is used to standardize destination aliases originating from both H.323 and SIP devices. This means that the same call searches work for calls from both H.323 and SIP endpoints.

For example, if the called address is an H.323 E.164 alias “01234”, the Expressway automatically appends the configured domain name (in this case example.com) to the called address (that is, 01234@example.com making it into a URI), before attempting to set up the call.

• Use pre-search transforms with care, because they apply to all signaling messages. If they match, they will affect the routing of Unified Communications messages, provisioning and presence requests as well as call requests.

• Transformations can also be carried out in search rules. Consider whether it's best to use a pre-search transform or a search rule to modify the called address to be looked up.

Search rules define how the Expressway routes calls (to destination zones, such as to Unified CM, or another Expressway, or Meeting Server) in specific call scenarios. When a search rule is matched, the destination alias can be modified according to the conditions defined in the search rule.

The search rules described in this document are used to ensure that endpoints can dial H.323 devices that have registered E.164 numbers or H.323 IDs without a domain portion. The search rules first search for received destination aliases without the domain portion of the URI, and then search with the full URI.

The search rules described here are used to enable the following routing combinations:

The routing configuration in this document searches for destination aliases that have valid SIP URIs. That is, using a valid SIP domain, such as <id@domain>.

You can configure routing which enables calls to unregistered devices on an internal network (routing to the addresses of IP of the devices) by configuring a search rule with a mode of Any IP address with target Local Zone. However this is not recommended (and not described in this document). The best practice is to register all devices and route using destination aliases.

The pre-search transform configuration described in this document is used to standardize destination aliases originating from both H.323 and SIP devices.

The following transform modifies the destination alias of all call attempts made to destination aliases which do not contain an ‘@’. The old destination alias has @example.com appended to it, thus standardizing all called destination aliases into a SIP URI format.

The traversal zone configuration defines a connection between the Expressway-C and Expressway-E platforms. A traversal zone connection allows firewall traversal for signaling and media between the two platforms. Expressway-C is configured with a traversal client zone. Expressway-E is configured with a traversal server zone.

Which type of traversal zone?

• If your deployment is for business to business calling, use a traversal zone.

• If your deployment is for mobile and remote access, use a Unified Communications traversal zone (see next section).

Chained firewall traversal

For business-to-business Expressway deployments, you can configure firewall traversal chaining. As well as acting as a traversal server, Expressway-E can act as a traversal client to another Expressway-E.

If you chain two Expressway-Es for example (pictured), the first Expressway-E is a traversal server for the Expressway-C. That first Expressway-E is also a traversal client of the second Expressway-E. The second Expressway-E is a traversal server for the first Expressway-E.

Note	Traversal chaining is not supported for Mobile and Remote Access deployments. This capability was formally introduced to the Cisco Expressway Series in version X8.10. It has been possible with the Cisco TelePresence VCS since firewall traversal was introduced.

Traversal zones for Unified Communications

If you need Unified Communications features like mobile and remote access or Jabber Guest, a secure traversal zone connection must exist between Expressway-C and Expressway-E:

• The Expressway-C and Expressway-E must be configured with a zone of type Unified Communications traversal. This automatically configures an appropriate traversal zone (a traversal client zone when selected on Expressway-C or a traversal server zone when selected on Expressway-E) that uses SIP TLS with TLS verify mode set to On, and Media encryption mode set to Force encrypted.

• Both Expressways must trust each other's server certificate. As each Expressway acts both as a client and as a server you must ensure that each Expressway’s certificate is valid both as a client and as a server.

• If an H.323 or a non-encrypted connection is also required, a separate pair of traversal zones must be configured.

You can neighbor your local Expressway cluster to a remote cluster. The remote cluster might be a neighbor, traversal client, or traversal server to the local system. When a call is received on the local Expressway and is passed via the relevant zone to the remote cluster, it gets routed to whichever peer in that neighbor cluster has the lowest resource usage (peers in maintenance mode are not considered). That peer then forwards the call to one of the following:

• A locally registered endpoint, if the endpoint is registered to that peer

• A peer, if the endpoint is registered to another peer in the cluster

• An external zone, if the endpoint is located elsewhere

Configuration instructions are provided in the Expressway Administrator Guide.

The DNS zone is used to search for externally hosted systems (such as for business to business calling). Destination aliases are searched for by a name using a DNS lookup.

The DNS search rule defines when the DNS zone should be searched.

A specific regular expression is configured which will prevent searches being made using the DNS zone (i.e. on the public internet) for destination addresses (URIs) using any SIP domains which are configured on the local network (local domains).

The following configuration defines how an Expressway routes calls (and other requests) to external IP addresses. An external IP address is an IP address which is not "known" to the Expressway and therefore assumed to be a publicly routable address.

Known IP addresses are addresses defined in a subzone (using a subzone membership subnet rule).

• All requests destined for external IP addresses, originating at the Expressway-C are routed to the Expressway-E using a search rule.

• The Expressway-E then attempts to open a connection directly to the IP address.