Beginner

Migration from ACS 5.8 to ISE 2.7

I have imported the ACS certificate, with valid ACS GUI credentials, a hardcoded hosts file, and enabled migration in the CLI. But when I try to export with the Migration Tool I get the following. Does anyone know how to fix it?

 

ERROR Thread-21 Unable to connect to ACS 5 to begin Export. Please ensure that:
1. Migration interface is enabled in the ACS 5 server.
2. ACS 5 services are running.
3. ACS 5 IP, superadmin name and password are correct.
4. ACS 5 has a compatible license installed.
5. ACS 5 hostname matches with the name in its certificate.
6. ACS 5 server certificate is trusted by the Trusted Root Certificates in Settings page.
ERROR Thread-21 Error occurred while communicating to ACS 5.x. ; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
ERROR Thread-21 Error occurred while communicating to ACS 5.x. ; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
INFO Thread-21 Start connecting to ACS5 PI

1 ACCEPTED SOLUTION

Cisco Employee

This still looks like an issue with the certificate and/or how you made the connection in the tool to ACS.
AFAIK the tool expects to use the FQDN, as in the ACS server certificate, as the ACS hostname.
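
The hostname check behind item 5 of the error text and the accepted answer, as an added example that is not part of the original post or Cisco's tool: it applies generic RFC 6125-style matching to a certificate in the dict shape of Python's `ssl.SSLSocket.getpeercert()`. The certificate, `acs01.example.com` and the function names are constructed for illustration; how the Migration Tool itself validates names is not shown in the thread.

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# acs01.example.com is a placeholder, not a value from the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "acs01.example.com"),),),
    "subjectAltName": (("DNS", "acs01.example.com"),),
}

def cert_names(cert):
    """Return (dns_names, ip_names); fall back to the CN only if no SAN exists."""
    san = cert.get("subjectAltName", ())
    dns = [v.lower() for k, v in san if k == "DNS"]
    ips = [v for k, v in san if k == "IP Address"]
    if not san:
        dns = [v.lower() for rdn in cert.get("subject", ())
               for k, v in rdn if k == "commonName"]
    return dns, ips

def _dns_match(host, pattern):
    h, p = host.rstrip(".").split("."), pattern.rstrip(".").split(".")
    if len(h) != len(p):
        return False
    # A wildcard is honoured only as the whole leftmost label.
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def check_entered_host(entered, cert):
    """Return (ok, reason) for the value typed into the tool's ACS host field."""
    dns, ips = cert_names(cert)
    try:
        addr = ipaddress.ip_address(entered)
    except ValueError:
        addr = None
    if addr is not None:
        ok = any(ipaddress.ip_address(i) == addr for i in ips)
        return ok, ("IP listed in SAN" if ok else "IP address not in certificate; use the FQDN")
    host = entered.lower()
    if any(_dns_match(host, n) for n in dns):
        return True, "matches certificate name"
    if "." not in host and any(n.split(".")[0] == host for n in dns):
        return False, "short name; certificate carries the FQDN"
    return False, "no certificate name matches"

if __name__ == "__main__":
    for value in ("10.0.0.5", "acs01", "ACS01.example.com", "acs02.example.com"):
        print(value, check_entered_host(value, SAMPLE_CERT))
```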


5 REPLIES
VIP Advocate

 

Ref: https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/migration_guide/b_ise_MigrationGuide20/Cisco_Secure_ACS_to___Cisco_ISE_Migration_Tool.html

>..
The only supported direct migration process that uses the Cisco Secure ACS to Cisco ISE Migration Tool is from a Cisco Secure ACS, Release 5.5 or 5.6 to a Cisco ISE, Release 2.0 system.

Looks like your releases are not supported, at both ends.

M.


That's only for ISE 2.0 which is many years old.

Beginner

The tool is okay. In my opinion a clean install is better. The migration tool doesn't transfer everything over. I'm currently in the process of migrating from ACS to ISE and it's not going to be a fast process, but it won't have all of the unused policies, etc.
