Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2614
Views
20
Helpful
3
Replies

ACS 5.x to ISE 2.4 ISE SNS-3655-K9 Appliances

Go to solution
Jay233
Level 1
Level 1

‎08-04-2020 09:34 AM

Hi All,

Please confirm my thought process for migrating ACS 5.x over to an existing 2.4 patch 9 ISE deployment.

Using SNS 3655-K9 appliances.

  1. Downgrade SNS-3655-K9 as its shipped with ISE ver 2.6
  2. Use ise-2.4.0.357.SPA.x86_64_SNS-36x5_APPLIANCE_ONLY.iso
  3. Install patch 9
  4. Join distributed ISE 2.4 deployment
  5. Install patch 10 on the PAN and distribute to all nodes
  6. Migrate using ACS to Cisco Identity Services Engine Migration Application Version 2.4.0.910. Use this application to migrate configuration data from ACS version 4.2 or 5.5 and later to ISE 2.4 patch 10.
  7. Install patch 12 on the PAN and distribute to all nodes (Bug CSCvs04433 fix)

Am I missing anything from the process?

Thanks in advance for any replies.

 

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎08-04-2020 03:37 PM

Hi Jason,

You're on the right path but why would you migrate the ACS 5.x data to ISE 2.4 which is already EOL

You can plan to migrate to ISE 2.6 or ISE 2.7 ( BU recommended version ) directly that you have to do anyway down the line :)

if you decide to go with your original plan then make sure you go through this CSCvu42244 open caveat on ISE 2.4patch12

Lastly, you may find it helpful during the migration : How to migrate from ACS 5.x to ISE 2.x

 

~Jatin

View solution in original post

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee
In response to Damien Miller

‎08-04-2020 09:29 PM - edited ‎08-04-2020 09:29 PM

Yes, You should only Migrate on a fresh installation of Cisco ISE, Release 2.x. The same has been documented in the guide, I provided you in my previous reply. Please refer the section "Preparation for migration". My understanding was bit different that you have majority of your ISE nodes on 2.4 and just one on 2.6 and this is going to be a new deployment for you. Thanks Damien for clarifying the 'existing deployment' piece.
~Jatin

View solution in original post

3 Replies 3

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎08-04-2020 03:37 PM

Hi Jason,

You're on the right path but why would you migrate the ACS 5.x data to ISE 2.4 which is already EOL

You can plan to migrate to ISE 2.6 or ISE 2.7 ( BU recommended version ) directly that you have to do anyway down the line :)

if you decide to go with your original plan then make sure you go through this CSCvu42244 open caveat on ISE 2.4patch12

Lastly, you may find it helpful during the migration : How to migrate from ACS 5.x to ISE 2.x

 

~Jatin

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎08-04-2020 07:56 PM

I'll call out one piece that's not clear here to me. It's generally not recommended to migrate ACS configuration to an existing ISE deployment with the migration tool, it was intended to be used with a fresh ISE node/deployment.

What Jatin added is good as well, I would evaluate migrating to 2.6+.

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee
In response to Damien Miller

‎08-04-2020 09:29 PM - edited ‎08-04-2020 09:29 PM

Yes, You should only Migrate on a fresh installation of Cisco ISE, Release 2.x. The same has been documented in the guide, I provided you in my previous reply. Please refer the section "Preparation for migration". My understanding was bit different that you have majority of your ISE nodes on 2.4 and just one on 2.6 and this is going to be a new deployment for you. Thanks Damien for clarifying the 'existing deployment' piece.
~Jatin
Customers Also Viewed These Support Documents