Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
385
Views
0
Helpful
5
Replies

Cisco ISE migration to Azure

shujath-syed
Level 1
Level 1

‎04-08-2025 05:58 AM - edited ‎04-08-2025 06:02 AM

Hi members, 

@Greg Gibbs I need to migrate Cisco ISE to Azure. Can you advise if I should use VM or the application option to create ISE instance in Azure? which is better?

0 Helpful
5 Replies 5

Scott Fella
Hall of Fame
Hall of Fame

‎04-08-2025 09:21 AM

From my experience, the application is easier to deploy.  However, why not go through the experience of standing up both so you have an understanding of how long it would take in case you need to standup another node. That is what I did, and at the end, it's an ISE application.  The VM option is the same as if you stood up an VM in ESXi or Hyper-V you have to go through the setup. The application, you just fill out the information during the creation and you are pretty much done.  Also if you are doing any type of automation, then it really depends on how you feel you want to automated the creation of the ISE in Azure.  I don't know if one is better than the other.

-Scott
*** Please rate helpful posts ***
0 Helpful

Greg Gibbs
Cisco Employee
Cisco Employee

‎04-08-2025 06:58 PM

Before making the solid decision to deploy ISE in Azure, be sure to review the issues discussed in the following posts. I would highly recommend deploying in AWS instead of Azure if possible to avoid these inherent issues with EAP-TLS caused by MS dropping out-of-sequence UDP packets.

https://community.cisco.com/t5/network-access-control/azure-packet-fragmentation/td-p/5205223

https://community.cisco.com/t5/network-access-control/cisco-ise-deployment-in-azure-nightmare-experience/td-p/5216248

0 Helpful

shujath-syed
Level 1
Level 1
In response to Greg Gibbs

‎04-09-2025 08:32 AM

Thanks very much it really is very useful. It appears hiding out of order packets in IPSec is the way forward. Unfortunately we don't have an option to go to aws, we have a a big relationship with Microsoft and everything else in Azure. 

So what do you reckon is the answer to my original question whether to use use ISE application or a VM?

0 Helpful

Greg Gibbs
Cisco Employee
Cisco Employee
In response to shujath-syed

‎04-09-2025 04:49 PM

There is no right answer for that question nor any functional difference in the end product. It would depend entirely on your comfort level, processes, and tools for deploying cloud resources in Azure.

The previous post from @Scott Fella reflects the same guidance.

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame

‎04-09-2025 05:55 PM

I'm going to be setting up a few in Azure soon, but this time with Express Route.... should be fun, but hopefully I get it working.  

-Scott
*** Please rate helpful posts ***
0 Helpful
Customers Also Viewed These Support Documents