Cisco ASA: AnyConnect for phone using self-signed certificates for authentication

Yeah, I know the title is pretty boring, but I wanted it to be clear what this one is all about, especially if you’re looking specifically for something like this.

So, here’s the deal: Cisco 99xx and 79xx phones out on the internet somewhere connecting back to an ASA over an SSL tunnel to register with an internal network’s Call Manager, using only self-signed certificates. To me, this is the best option, rather than having users try to type usernames and passwords into the phone interface. For some users, that really is just too much to ask. This method makes it easy on them, and still gives the ASA administrator and Call Manager administrator the ability to prevent a stolen or misused phone from connecting to the network.

Read more