Configuring Default Zone Access Rules - Cisco TelePresence Administrator's Manual

Video communication server

Configuring Default Zone access rules

The Default Zone access rules (VCS configuration > Zones > Default Zone access rules) control which external systems are allowed to connect over SIP TLS to the VCS via the Default Zone.

Each rule specifies a pattern type and string that is compared to the identities (Subject Common Name and any Subject Alternative Names) contained within the certificate presented by the external system. You can then allow or deny access to systems whose certificates match the specified pattern.

To use the rules, Use Default Zone access rules on the Default Zone page must be set to Yes. If the access rules are enabled, then by default no systems will be allowed to connect over SIP TLS to the Default Zone; you must set up the access rules for the systems you want to grant access. Note that the access rules do not affect other connections to the Default Zone (H.323 and SIP UDP/TCP).

The configurable options are:

| Field | Description | Usage tips |
| --- | --- | --- |
| Name | The name assigned to the rule. | |
| Description | An optional free-form description of the rule. | |
| Priority | Determines the order in which the rules are applied if the certificate names match multiple rules. The rules with the highest priority (1, then 2, then 3 and so on) are applied first. Multiple rules with the same priority are applied in configuration order. | |
| Pattern type | The way in which the Pattern string must match the Subject Common Name or any Subject Alternative Names contained within the certificate. Exact: the entire string must exactly match the name, character for character. Prefix: the string must appear at the beginning of the name. Suffix: the string must appear at the end of the name. Regex: treats the string as a regular expression. | You can test whether a pattern matches a particular name by using the Check pattern tool (Maintenance > Tools > Check pattern). |
| Pattern string | The pattern against which the name is compared. | |
| Action | The action to take if the certificate matches this access rule. Allow: allows the external system to connect via the Default Zone. Deny: rejects any connection requests received from the external system. | |
| State | Indicates if the rule is enabled or not. | Use this setting when making or testing configuration changes, or to temporarily enable or disable certain rules. Any disabled rules still appear in the rules list but are ignored. |

Up to 10,000 rules can be configured.

Cisco VCS Administrator Guide (X7.2), Zones and neighbors, Page 130 of 498
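
The following added example (not from the Cisco guide or the VCS software) models the rule evaluation described above and contrasts a loose suffix pattern with a tightened rule set. Assumptions: the first matching enabled rule decides, a regex must match the whole name, matching is case-sensitive, and all rule names and domains are constructed.

```python
import re
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    priority: int
    pattern_type: str   # "exact", "prefix", "suffix" or "regex"
    pattern: str
    action: str         # "allow" or "deny"
    enabled: bool = True

def name_matches(rule, identity):
    """Compare one certificate identity (CN or SAN) against a rule."""
    if rule.pattern_type == "exact":
        return identity == rule.pattern
    if rule.pattern_type == "prefix":
        return identity.startswith(rule.pattern)
    if rule.pattern_type == "suffix":
        return identity.endswith(rule.pattern)
    if rule.pattern_type == "regex":
        # Assumption: the expression must match the whole name.
        return re.fullmatch(rule.pattern, identity) is not None
    raise ValueError(f"unknown pattern type: {rule.pattern_type}")

def evaluate(rules, identities):
    """Return (action, rule_name) for a certificate's CN and SANs."""
    # sorted() is stable, so equal priorities keep configuration order.
    for rule in sorted(rules, key=lambda r: r.priority):
        if not rule.enabled:
            continue  # disabled rules stay in the list but are ignored
        if any(name_matches(rule, i) for i in identities):
            return rule.action, rule.name  # assumption: first match decides
    return "deny", None  # no rule matched, so access is not granted

# Constructed rule sets: a loose suffix rule and a tightened version.
LOOSE = [Rule("partners", 10, "suffix", "example.com", "allow")]
TIGHT = [
    Rule("block-lab", 1, "exact", "lab.example.com", "deny"),
    Rule("partners", 10, "suffix", ".example.com", "allow"),
    Rule("old-gw", 10, "regex", r"gw\d+\.example\.net", "allow", enabled=False),
]
```

The suffix `example.com` without a leading dot also admits a certificate for `vcs.notexample.com`; the tightened set rejects it while still allowing `vcs.example.com`.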


This manual is also suitable for:

Telepresence x7.2
