Migrating ACS 3.x is a multi-step process, where you have to migrate to 4.x and then to 5.x. Migration might not be easy and straightforward.
ACS 3.x is EOL’ed and End of Support around 7 years back so . So you might not be able to find the resources for upgrading/migrating. If you need to migrate you need a staging server where you need to restore the DB to do the migration. Development and support for this product ended a while back and if you have issues Cisco may not be able to support.
There are significant architectural differences between 4.x and 5.x. So the UI, the policy constructs have changed.
Also 5.x would not work on a Windows platform and needs an appliance or VM form factor that you might already be aware of. ACS 5.x does not have RDBMS support and a few others feature that ACS 4.x/3.x had.
Further it supports a key functionalities that can be taken advantage, providing visibility to every device and user in your network and gathering context on who, what, when, how and where endpoints and users are access your network. Providing network segmentation efficiently using Trustsec better than traditional ACL and VLANs. Work with third party MDM vendors, mitigate threat by sharing context data to partner ecosystem and within Cisco such as Lancope, NGFirewall, WSA as well as SIEM such as Splunk etc.
Install ACS 5.8 and do manual configuration. ACS 5.x support import/export, REST API for many configuration and when you are ready migrate over to ISE. This is a two step process for you considering the time you spent, cost of training, cost of moving your devices to your new ACS server.
Finally if you want to migrate 3.3, here are the steps.
Hi,I am facing a problem creating a backup. When I run the backup task, I get the message:Failure: Registration or CSM state are blocking BackupLog /var/log/backup.logThu Jul 29 14:57:55 2021 Mounted and chdir: /mnt/remote-storage/sf-storage/c3a738c4-e52d...
Hello, Does anyone have some experience with deploying AMP for Endpoints on VMware VDI Horizon, with SSO and Cisco Firepower 2120 at data center and Cisco Firepower 1120 at the edges.and how the management goes with FPMC. thanks
Team,I am stuck up in one issue with CISCO ASA5515 where i checked everything related to rules/access-list but not able to get why firewall inside ip is not able to respond back to Scanner,Just want to know is their some other extra config to be don...