McDewey


Page 302

source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::303

• Generate a self-signed certificate with Host-id check enabled on the VPN profile in Unified Communications Manager.

  Example:

    Router> enable
    Router# configure terminal
    Router(config)# crypto key generate rsa general-keys label <name> <exportable -optional>
    Router(config)# crypto pki trustpoint <name>
    Router(ca-trustpoint)# enrollment selfsigned
    Router(config-ca-trustpoint)# fqdn <full domain name>
    Router(config-ca-trustpoint)# subject-name CN=<full domain name>, CN=<IP>
    Router(ca-trustpoint)# authorization username subjectname commonname
    Router(ca-trustpoint)# crypto pki enroll <name>
    Router(ca-trustpoint)# end

• Register the generated certificate with Unified Communications Manager.

  Example:

    Router(config)# crypto pki export <name> pem terminal

  Copy the text from the terminal, save it as a .pem file, and upload it to Unified Communications Manager using Cisco Unified OS Administration.

Step 4 Install AnyConnect on Cisco IOS.

Download the AnyConnect package from cisco.com and install it to flash.

Example:

    router(config)# webvpn install svc flash:/webvpn/anyconnect-win-2.3.2016-k9.pkg

Step 5 Configure the VPN feature.

Note: To use the phone with both certificate and password authentication, create a user with the phone MAC address. Username matching is case sensitive. For example:

    username CP-7975G-SEP001AE2BC16CB password k1kLGQIoxyCO4ti9 encrypted

Complete ASA Prerequisites for AnyConnect

Use this procedure to complete ASA Prerequisites for AnyConnect.

Procedure

Step 1 Install ASA software (version 8.0.4 or later) and a compatible ASDM.

Step 2 Install a compatible AnyConnect package.

Step 3 Activate License.

a) Check features of the current license using the following command:

Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 284 Advanced System Security Complete ASA Prerequisites for AnyConnect
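The note in Step 5 of the Cisco IOS procedure above says username matching is case sensitive, so a local user typed in the wrong case silently fails to match the phone. The following is an added example, not taken from the Cisco guide, that audits a configuration excerpt for that failure mode. It assumes each phone presents a certificate whose common name is the username to match; the function names, the second and third phone names, and the placeholder secrets are constructed for illustration.

```python
import re

# Matches local-user lines in the form shown in the guide:
#   username <name> password <secret> [encrypted]
USERNAME_RE = re.compile(r"^\s*username\s+(\S+)\s+password\s+\S+", re.MULTILINE)


def configured_usernames(config_text):
    """Return the usernames defined in a gateway configuration excerpt."""
    return USERNAME_RE.findall(config_text)


def audit_phone_usernames(config_text, cert_common_names):
    """Classify each phone certificate CN against the configured usernames.

    Assumption: the name to match is the phone certificate's common name.
    Matching is case sensitive, so only an exact string match counts as "ok".
    """
    names = configured_usernames(config_text)
    exact = set(names)
    folded = {}
    for name in names:
        folded.setdefault(name.casefold(), []).append(name)

    report = {}
    for cn in cert_common_names:
        if cn in exact:
            report[cn] = ("ok", cn)
        elif cn.casefold() in folded:
            # Present, but typed in a different case: authentication would fail.
            report[cn] = ("case-mismatch", folded[cn.casefold()][0])
        else:
            report[cn] = ("missing", None)
    return report


# Constructed sample input: a config excerpt and three phone certificate CNs.
SAMPLE_CONFIG = """\
username CP-7975G-SEP001AE2BC16CB password EXAMPLE-SECRET-1 encrypted
username cp-7965g-sep0022905c7710 password EXAMPLE-SECRET-2 encrypted
username admin password EXAMPLE-SECRET-3 encrypted
"""
SAMPLE_CNS = ["CP-7975G-SEP001AE2BC16CB", "CP-7965G-SEP0022905C7710",
              "CP-7945G-SEP0013C4A1B2C3"]

if __name__ == "__main__":
    for cn, (status, found) in audit_phone_usernames(SAMPLE_CONFIG, SAMPLE_CNS).items():
        detail = f" (configured as {found})" if status == "case-mismatch" else ""
        print(f"{cn}: {status}{detail}")
```

Run it against the exported running configuration and the phone inventory before rollout; any `case-mismatch` or `missing` entry is a phone that will not authenticate.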