cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2575
Views
0
Helpful
11
Replies
Bruce Summers
Beginner

Brand New ACS 1120

Alright,

my company bought an ACS 1120, no SMARTNET support of course, and I'm getting prepared to deploy it.

I've litterally gotten it out of the box and powered it up...

in the box came several CD/DVD's of which is ACS 4.1 for windows;  4.2 for windows; and one that has a copy of a Windows Server (looks like a special version, i'm writing this post from home and dont have the CD's in front of me, sorry)...

My question is merely, do i ust run through the initial setup prompts?  And is it necessary to start at 4.1 and upgrade as I go (ie...4.2, then 5.0)???  Or can I go straight to 5.0?

Bruce

3 ACCEPTED SOLUTIONS

Accepted Solutions
ansalaza
Beginner

If your goal is to have ACS 5.X running, then go straight to it, download ACS 5.1, which has most ACS 4.X features.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/release/notes/acs_51_rn.html#wp71092

If I am not wrong your 1120 should already be running ACS 5.0...but just in case you should also be able to download the DVD from CCO:

ACS 5.1:

http://download-sj.cisco.com/swc/esd/03/crypto/3DES/282773289/contract/ACS_v5.1.0.44.iso

ACS 5.0:

http://download-sj.cisco.com/swc/esd/03/crypto/3DES/282382303/contract/ACS-5.0.0.21.iso

You will require a valid license for ACS 5.X, which will need to be issued by the Licensing Team.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/release/notes/acs_51_rn.html#wp114337

If you prefer you can stay with ACS 4.2; you would need to intall the "ACS 42. s/w for cisco 1120 appliance", this type of ACS will be preinstalled with the OS and you cannot access the OS.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/solution_engine/prepap.html

The migration from ACS 4.2 to ACS 5.X is not something recommended since they are totally different breads!

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.0/user/guide/migrate.html#wp1052577

HTH,

View solution in original post

Right

ACS for WIndows (whatewer version you have) will run on Windows 2003 server (see inatllation requirements for details) ACS 5.X exists only as appliance or VMWare image. In general - appliance is more hardened in terms of viruses and intrusions

View solution in original post

The ACS 4,x software you have been shipped is to assist customers who need to migrate from an earlier 3.x/4.x release. If they are on a specific 3.x release they can upgrade,using the disks to 4.x and then perform a migration procedure to ACS 5.0/5.1 tomigrate certain subsets of the data. The migration procedure requires ACS 4.x to be installed on a windows PC so the disks can also be used by customers who have a closed 4.x appliance and need to backup the database and then restore data onto an ACS 4.x windows based installation created using the disks provided.

For new installations these disks are not applcable and just need to run the basic setup. However, as others have suggested, if you are just getting started, I would recommend downloading ACS 5.1 from CCO and reimaging so that you can work with the latest version. Note the ACS 5.0 license can be used for ACS 5.1 as well

View solution in original post

11 REPLIES 11
Bruce Summers
Beginner

added note:

the software CD that I have that i refer to as "special version" is actually ACS 42. s/w for cisco 1120 appliance, but has a Windows Svr 2003 Teleco SVR App SW 3.0 1-4 CPU...

I'm assuming this is goiing to be installed at some point...

Hi Bruce.

ACS 1120 is HW version of the appliance. It is shipped with ACS 5.0 preinstalled and ACS 4.2 on, so called, recovery CD. Check with your PO what your company purchased exactly.  If ACS 4.2 is what you purchased, so yes, you should instert disk labelled ACS 4.2 and follow the instructions.

ansalaza
Beginner

If your goal is to have ACS 5.X running, then go straight to it, download ACS 5.1, which has most ACS 4.X features.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/release/notes/acs_51_rn.html#wp71092

If I am not wrong your 1120 should already be running ACS 5.0...but just in case you should also be able to download the DVD from CCO:

ACS 5.1:

http://download-sj.cisco.com/swc/esd/03/crypto/3DES/282773289/contract/ACS_v5.1.0.44.iso

ACS 5.0:

http://download-sj.cisco.com/swc/esd/03/crypto/3DES/282382303/contract/ACS-5.0.0.21.iso

You will require a valid license for ACS 5.X, which will need to be issued by the Licensing Team.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/release/notes/acs_51_rn.html#wp114337

If you prefer you can stay with ACS 4.2; you would need to intall the "ACS 42. s/w for cisco 1120 appliance", this type of ACS will be preinstalled with the OS and you cannot access the OS.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/solution_engine/prepap.html

The migration from ACS 4.2 to ACS 5.X is not something recommended since they are totally different breads!

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.0/user/guide/migrate.html#wp1052577

HTH,

View solution in original post

thanks folks,

Understand about the appliance itself running a flavor (probably 5.0, havent actually started in on the "setup" yet).  Was trying to make sense of what they shipped me (the ACS for Windows is throwing me off)....Is this software that will run on a server without the appliance itself?

Bruce

Right

ACS for WIndows (whatewer version you have) will run on Windows 2003 server (see inatllation requirements for details) ACS 5.X exists only as appliance or VMWare image. In general - appliance is more hardened in terms of viruses and intrusions

View solution in original post

The ACS 4.x  that you should have is the Appliance ACS Version, where you don't have access to the OS only to the ACS application (through a GUI).

Note:This type of ACS is installed with the OS all at once.

HTH,

The ACS 4,x software you have been shipped is to assist customers who need to migrate from an earlier 3.x/4.x release. If they are on a specific 3.x release they can upgrade,using the disks to 4.x and then perform a migration procedure to ACS 5.0/5.1 tomigrate certain subsets of the data. The migration procedure requires ACS 4.x to be installed on a windows PC so the disks can also be used by customers who have a closed 4.x appliance and need to backup the database and then restore data onto an ACS 4.x windows based installation created using the disks provided.

For new installations these disks are not applcable and just need to run the basic setup. However, as others have suggested, if you are just getting started, I would recommend downloading ACS 5.1 from CCO and reimaging so that you can work with the latest version. Note the ACS 5.0 license can be used for ACS 5.1 as well

View solution in original post

Hello

Could any of you guys provide a link for downloading the re-image DVD for the appliance 1120 v4.2?

Thanks a lot

Guido

Has any one in this forum encountered the following error message when trying to use t

he Active Directory for user authentication with Cisco 1120 ACS 5.0?:

"Error while configuring Active Directory: Using writable domain controller: company.com: (Kerberos) : Cannot contact any KDC for requested realm due to unexpected configuration or network error.Please try the --verbose option or run 'adinfo --diag' to diagnose the problem.Join to domain company.com, zone 'null' failed."


Hi,


Looks like there is something in between ACS and AD, could be a firewall that is why we are not able to contact KDC.


These ports should be opened for DC: LDAP 389/tcp LDAP 389/udp SMB 445/tcp KDC 88/tcp Global catalog 3268/tcp KPASS 464/tcp NTP 123/udp.


HTH


Rgds,

JK


Do rate helpful posts-

~Jatin

Hi,

Would the Cisco Secure ACS 5.0 engine need to be added to Windows AD as a computer object for the integration to work?

PM.

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: pxGrid (35%)

Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel