How to Install Cisco ISE and the Migration tool on VSphere

John N · ‎07-29-2025

I wanted to see if anyone here as ever did a new install of Cisco ISE and the migration tool on VSphere? If so what step(s) did you take? I have the ISO and tool downloaded. The next step is to either create a VM or maybe content library first and download the ISO? Any assistance would be appreciated.

Arne Bier · ‎07-29-2025

What Migration Tool are you talking about?

ahollifield · ‎07-30-2025

I assume the ACS migration tool. Which..... At this point you should just start from scratch.

Arne Bier · ‎07-30-2025

I was hoping it wasn’t that. I was pile only export the network devices and users from ACS (or NPS) and import into ISE. Usually some CSV / Excel involved to get the format right. But that’s the bare minimum. Then create your policies from scratch to reflect your business logic. If you have some horrendous complex policy in place then it’s possibly not optimal and requires human ingenuity to come up with a better solution.

John N · ‎07-30-2025

I am using the ACS migration tool. Unfortunately I cannot access my ACS information and GUI and its out of support and warranty. I have no choice but to use the tool and hope for the best. Are there steps to move the ISO and Migration tool into VCenter client?

ahollifield · ‎07-30-2025

No, don’t even bother. No modern version of ISE even supports the tool anymore. You need to rebuild from scratch.

John N · ‎07-30-2025

Can you explain rebuilding it from scratch?

Arne Bier · ‎07-30-2025

I would explain "building it from scratch" as, imagine you didn't have any existing system in place, but you had some use cases to solve: e.g.

Wired 802.1X and MAB
Wireless 802.1X
Guest Wi-Fi portal
TACACS+ Device Admin
RADIUS Device Admin

Understanding how your network is built and what services it needs is essential in troubleshooting and supporting it. The ACS to ISE tool would just do garbage in, garbage out. And if we're talking ACS, then there is probably a lot of legacy stuff that is no longer needed.

If you have no access to the ACS then how do you propose to use the conversion tool, which also needs access to ACS to read the data?

I recall a customer project with ACS 4.2 on Windows and it was a PITA - but we managed to hack our way into the GUI and download the large list of devices (very valuable) and also the internal users.

Then you write a design of what ISE needs to do, based on the use cases above. And given that it was ACS, it will only involve RADIUS and TACACS - nothing complex - there are also loads of resources on the Community and elsewhere to help with scaling ISE, setting up the ISE nodes, and configuring them.

John N · ‎07-31-2025

Can you give me some ideas on how you might gotten into that ACS? I can only access the command line not the GUI.. I tried everything including using the same browser version from like 10 years ago to no avail....

ahollifield · ‎07-31-2025

Java installed? Some versions of ACS UI also had VERY specific Java requirements. imo anything you do at this point will just be waste of time. I would spend that time deploying a fresh copy of ISE instead and building everything from scratch.

Arne Bier · ‎07-31-2025

Depends what your issue is when trying to browse to the GUI. Do you get any type of website content to appear? I did this back in 2018 or something - even then it was hard. I think we had to use some ancient IE version with Adobe Flash installed etc. It was awful.

Is it failing on the login credentials?

You might need to concede at some point and turn this into a project (requirements gathering and design etc.) - if this is not your skill set, then as Adam said, engage a good partner.

ahollifield · ‎07-30-2025

https://cs.co/ise-berg

Also start a conversation with your Cisco partner of choice