I recently configured an 8851 phone to connect to an ASA using Anyconnect and a VPN profile in CUCM (11.5).
I was relieved to get this working but was a bit alarmed that when the phone registered off site, I was not prompted to enter a password. I understand there is an option in the VPN profile on CUCM for authentication mode, with options for certificate, password only or username/password. I have a couple of questions:
1. If I enable the username/password, what credentials are used? Do I need to assign the phone an owner and/or associate and end user with the phone? We are AD integrated on CUCM.
2. If I enable username/password authentication mode, is the phone-vpn-trust cert still utilized within the ITL file on the phone?
Thanks