05-13-2014 12:37 PM - edited 03-10-2019 09:42 PM
I am currently running ISE 1.1.3u1
Since I will basically have to redo my IPEPs to renew our SSL Certs, I am planning to just move up to 1.2.
Questions I have are:
Is there not a FULL install for 1.2u"latest"?
From my understanding I should be able to upgrade direct from 1.1.3 to 1.2 on my admin/policy/MnT node (VM) but my IPEPs will have to be totally recreated to move to 1.2. Is this correct?
Then once I am on 1.2, can I just jump to the latest update, or do I have to install each update one by one?
Something I just read made me think that the IPEPs won't be able to take the 1.2 patches, as in they will be stuck at 1.2.0.899 with no updates, is this correct?
05-14-2014 12:43 AM
You can upgrade only Administration, Policy Service, and Monitoring nodes. Upgrades are not supported for Inline Posture Nodes (IPNs). For IPNs, you must reimage your appliance and perform a fresh installation.
05-15-2014 04:51 AM
ASA newer code is out IPN are no longer required, may be Cisco will discontinue it. Its better to shift to ASA for CoA
05-15-2014 05:55 AM
This will definitely be my endgame.
But since this code just came out, I am not willing to jump direct to it, yet.
Also, I haven't found much documentation on how to make this transition, i.e., exactly what settings on the ASA will make it replace the IPN, and if any changes need to be made on the Admin/Policy/MnT server.
Then as soon as I make that transition, I will be able to rebuild the 3315 (have 2) to be failover between the two locations.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide