Installing ISE from scratch is the better option, since it lets you renew policies that have not been looked at for a long time.
ISE 2.3 offers custom user attributes that support newer data types such as Date and IP address, so if you have user-defined attributes in ACS you can easily configure them in ISE.
ISE 2.3 also has a new Policy UI with hit counts, a feature brought in from ACS 5.x. ISE 2.3 also supports TACACS+ for IPv6 and TACACS+ proxy.
If Option 1 is not for you, then you have the ISE 2.3 migration tool, which migrates key configuration from ACS 4.x to ISE 2.3. It includes only users, groups, user attributes, network devices and network device groups. You can download the migration tool from here and try it out.
(Note: This tool has to be installed on the same machine that runs ACS 4.x and has VNC. It requires Java 7.)
Here is a screenshot of the migration tool, which initially asks you to choose the version of ACS you are migrating from.
Once you select the ACS 4.x supported objects, you will be presented with a screen that shows the objects migrated from ACS to ISE.
Remember that you have to manually configure inline conditions, policy elements, authentication and authorization policies, etc. The policy architecture of ISE is simpler than that of ACS 5.x; however, other associated objects in the policies, such as policy elements (shell profiles, command sets), are the same. You can find additional details in the migration from ACS 4.x to 5.x document.
If you have an older version of ACS, here is my blog that will help you decide.