Migrating ACS 3.x is a multi-step process, where you have to migrate to 4.x and then to 5.x. Migration might not be easy and straightforward.
ACS 3.x is EOL’ed and End of Support around 7 years back so . So you might not be able to find the resources for upgrading/migrating. If you need to migrate you need a staging server where you need to restore the DB to do the migration. Development and support for this product ended a while back and if you have issues Cisco may not be able to support.
There are significant architectural differences between 4.x and 5.x. So the UI, the policy constructs have changed.
Also 5.x would not work on a Windows platform and needs an appliance or VM form factor that you might already be aware of. ACS 5.x does not have RDBMS support and a few others feature that ACS 4.x/3.x had.
Further it supports a key functionalities that can be taken advantage, providing visibility to every device and user in your network and gathering context on who, what, when, how and where endpoints and users are access your network. Providing network segmentation efficiently using Trustsec better than traditional ACL and VLANs. Work with third party MDM vendors, mitigate threat by sharing context data to partner ecosystem and within Cisco such as Lancope, NGFirewall, WSA as well as SIEM such as Splunk etc.
Install ACS 5.8 and do manual configuration. ACS 5.x support import/export, REST API for many configuration and when you are ready migrate over to ISE. This is a two step process for you considering the time you spent, cost of training, cost of moving your devices to your new ACS server.
Finally if you want to migrate 3.3, here are the steps.
Today I had 6 endpoints within 3 hours all quarantine the following file: 8d4fdcb52b32afbcef4450ca88668def9b245a6f7ab2aa26ec3a4324a0b1f461When I look what was happening with each endpoint in AMP's Device Trajectory I see this:The event only indicate...
After a "TelePresence SX20" disconnect occurred in a video conference, troubleshooting was initiated to identify the root cause. After log analysis, we found that the call was disconnected by H.323 timeout.I would like to know if you have any analysis or ...
I have an Ironport C670, where all licenses have expired except for Incoming Mail Handling, but the emails were "being sent" because there was no queue at the checkout, but the recipients did not receive them, however all employees were receiving and emai...
Hi all, I am working on a 5510 ASA that I have acquired and I seem to be having an issue getting gig throughput on it. I can configure it to get on the net and get the ACLs and NAT working and all that, however, when I do a speed test on my PC, I see...
I was wondering how I would figure out if all ISE 2.4 features in code version 15.0.2-SE11 on multiple cat3k platforms are supported. I have followed the release notes of and matrix, and while this code version falls in-between the minimu...