We need to deploy a few remote phones and I was looking at the Expressway product but it seems like overkill and/or too complicated for just a handful of phones. Am I off base thinking the Expressway is overly complicated for my scenario? What would I miss out on if I used ASA with the phone SSL license?
My 2 cents would vote for Expressway, when I was testing both solutions in my lab, I had way more issues with AnyConnect, and just never really worked reliability once setup. The Expressway, was definitely more of a challenge to get my head around, but once I got it loaded a couple times, I put it into production, and have never had to mess with it again, works all the time, great for Jabber Clients. As far the firewalls, I tested several including software based Cisco, Juniper, and a few other, but in the end I used 2 ASAs.
MRA is the recommended option for external devices, you'll have the added benefit that now your deployment will be MRA enabled for any Jabber device. Do bear in mind that MRA for hard phones do have a strict requirement of using a handful of public CAs that the devices have in their trust store.
No, MRA needs EXP-C and EXP-E
I believe this is still applicable