Which action is required for a firewall configuration on a Mobile and Remote Access through Cisco Expressway deployment?
A.
The external firewall must allow these inbound connections to Expressway: SIP: TCP 5061; HTTPS: TCP 8443; XMPP: TCP 5222; Media: UDP 36002 to 59999.
B.
The internal firewall must allow these inbound and outbound connections between Expressway-C and Expressway-E: SIP: HTTPS (tunneled over SSH between C and E): TCP 2222: TCP 7001; Traversal Media: UDP 2776 to 2777 (or 36000 to 36011 for large VM/appliance); XMPP: TCP 7400.
C.
Do not use a shared address for Expressway-E and Expressway-C, as the firewall cannot distinguish between them. If static NAT for IP addressing on Expressway-E is used, ensure that any NAT operation on Expressway-C does not resolve the same traffic IP address. Shared NAT is not supported.
D.
The traversal zone on Expressway-C points to Expressway-E through the peer address field on the traversal zone, which specifies the Expressway-E server address. For dual NIC deployments, set the Expressway-E address using an FQDN that resolves the IP address of the internal interface.
C. and D. are correct; however, they apply to B2B deployments as well as to MRA deployments. A. and B. are focused on MRA, which is the focus of the answer, so finally just A. remains.
In fact, all four are correct; however, B makes the mistake of saying that the inbound firewall should allow inbound and outbound connections, which is a mistake. The internal firewall should only have outbound rules, from Exp-C to Exp-E.
Well, let us see:
Actually, all four answers are correct; they just differ in context.
C. and D. are correct, even though they apply both to B2B and to MRA, and both to a Traversal Client/Server Zone and to a Unified Communications Traversal Zone. Remember the question is asking just for MRA.
B. is partially correct: even though the port usage is correct, the truth is that no inbound ports are required to be opened on the internal firewall. The internal firewall must allow only outbound connections from the Expressway-C to the Expressway-E.
A. is the most appropriate. The external firewall must allow inbound connections to the Expressway-E: SIP (TCP 5061); HTTPS (TCP 8443); XMPP (TCP 5222); Media (UDP 36002 to 59999).
Guide says exactly the same: The external firewall must allow the following inbound connections to Expressway: SIP: TCP 5061; HTTPS: TCP 8443; XMPP: TCP 5222; Media: UDP 36002 to 59999.
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/config_guide/X14-2/mra/exwy_b_mra-deployment-guide-x142/exwy_m_requirements-for-mra.html
upvoted 4 times
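To make the distinction drawn in the comments above concrete, the following added example (not part of the original posts or of Cisco's documentation) audits a ruleset against the ports quoted in answers A and B and flags anything opened toward Expressway-C on the internal firewall. The rule format, the host labels `internet`, `exp-e` and `exp-c`, and the sample ruleset are assumptions constructed for illustration.

```python
# Added example: audit a constructed ruleset against the MRA ports quoted on this page.
# The rule format and the host labels "internet", "exp-e", "exp-c" are assumptions.
from collections import namedtuple

Rule = namedtuple("Rule", "fw src dst proto lo hi")  # allow rules; default deny assumed

# External firewall: inbound to Expressway-E (answer A).
EXTERNAL_INBOUND = [("tcp", 5061, 5061), ("tcp", 8443, 8443),
                    ("tcp", 5222, 5222), ("udp", 36002, 59999)]
# Internal firewall: Expressway-C to Expressway-E (ports listed in answer B,
# using the 2776-2777 media range rather than the large VM/appliance range).
INTERNAL_C_TO_E = [("tcp", 2222, 2222), ("tcp", 7001, 7001),
                   ("tcp", 7400, 7400), ("udp", 2776, 2777)]

def allowed(rules, fw, src, dst, proto, lo, hi):
    """True if one allow rule on firewall `fw` covers the whole port range."""
    return any(r.fw == fw and r.src == src and r.dst == dst and r.proto == proto
               and r.lo <= lo and r.hi >= hi for r in rules)

def audit(rules):
    findings = []
    for proto, lo, hi in EXTERNAL_INBOUND:
        if not allowed(rules, "external", "internet", "exp-e", proto, lo, hi):
            findings.append(f"external: missing inbound {proto} {lo}-{hi} to exp-e")
    for proto, lo, hi in INTERNAL_C_TO_E:
        if not allowed(rules, "internal", "exp-c", "exp-e", proto, lo, hi):
            findings.append(f"internal: missing outbound {proto} {lo}-{hi} exp-c to exp-e")
    # Per the discussion above, nothing needs to be opened toward Expressway-C.
    for r in rules:
        if r.fw == "internal" and r.dst == "exp-c":
            findings.append(f"internal: unneeded inbound {r.proto} {r.lo}-{r.hi} from {r.src}")
    return findings

# Constructed sample ruleset (not taken from any real deployment).
SAMPLE = [
    Rule("external", "internet", "exp-e", "tcp", 5061, 5061),
    Rule("external", "internet", "exp-e", "tcp", 8443, 8443),
    Rule("external", "internet", "exp-e", "udp", 36002, 49999),  # range too narrow
    Rule("internal", "exp-c", "exp-e", "tcp", 2222, 2222),
    Rule("internal", "exp-c", "exp-e", "tcp", 7001, 7001),
    Rule("internal", "exp-c", "exp-e", "tcp", 7400, 7400),
    Rule("internal", "exp-c", "exp-e", "udp", 2776, 2777),
    Rule("internal", "exp-e", "exp-c", "tcp", 7001, 7001),  # opened toward C
]

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```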