ACS 3.3 to 5.3 migration
Hello
I would like to migrate ACS 3.3 to 5.3 smoothly. To do this, I want to redirect ACS 5.3 unknown users to the old one in 3.3. I define an ACS proxy but I do not know how to set up the 'Access policies' and 'Service selection rule' to tell ACS 5.3 to redirect unknown users on ACS 5.3.
Could you help me for this config or give me an example of configuration.
Thanks in advance
well well
You must set the server RADIUS identity under users entry and identity stores pointing your ACS 5.3
You then define an identity sequence that lists the databases currently deployed on your ACS 5 first, followed by the entry that you have defined for ACS 3.3.
Then link this identity sequence to your identity policies for the services already defined.
--------------------------------------------------------------------------------------
Please don't forget to rate correct answers
Tags: Cisco Security
Similar Questions
-
ACS 4.2 to 5.8 migration
Team - I have a client who wants to migrate its ACS of 4.2 to 5.8. They currently have a primary and a backup server.
(1) can anyone offer a migration plan to avoid any downtime during the migration.
(2) would not, it requires a change of configuration in all network devices, is it possible to centre?
I have no experience in doing so. Any help on this is appreciated.
Bijbalak
You should not need a plan B, I got in some work environments. But if you decide not to use the migration tool, you can use CSUtil and analyze the image to a CSV file that ACS 5.x can import
http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_contro...
I have not encountered any problems with the migration on a Windows server 4.2 ACS work tool.
-
Hello
I use the Migration utility to migrate a 4.2 ACS to an ACS 5.2.
From the log I see the migration completed successfully; however, no 4.2 objects appear in ACS 5.2.
> Is there a way to check the ACS 5.2 database because the migration failed despite the "success" message in the log of the Migrator?
Now I'm 'migration' ACS manually, which is a little bad...
Kind regards
Thibault.
Hello
Migration can be a bit tricky, and when I ran into this issue before, it was because the changes had not actually been migrated to ACS. It's actually a 2-step process:
(1) Analyze and export (this creates the files to import into ACS 5 locally on the migration computer).
(2) Import - this actually imports the data into ACS 5 (this is the most often missed step).
In addition, here are some useful tips if everything goes well for your migration:
(1) Begin with a new database and import your first set of objects; if you don't like it, you can use the 'acs reset-config' command on the command line to restore ACS to factory default.
(2) after that you have the first series of imported objects take an EC of backup, when you go to import your next series of objects and you end up not liking is where imports put objects you can restore that backup and do not lose your previously imported data that you liked.
HTH
-Jesse
-
Cisco ACS 3.2 compatibility
We have a few servers ACS 3.2 old, legacy and soon-to-be-replaced-with-5.1. One of them had some serious problems and must be rebuilt.
The current operating system is Win2k. We were going to upgrade the OS to 2003 while he was down. Are there problems of compatibility with 3.2 and 2003? Anyone had any success is 3.2 to run on this?
Thank you
Hello
ACS 3.2 on Windows 2003 has never been tested, so we don't know whether or not you will encounter problems with 3.2 on 2003. I see a problem that you might encounter where the TACACS+ and RADIUS services may not start automatically after a reboot and will have to be started manually:
CSCsb81671 : services CSTacacs and CSRadius do not start with Windows 2003
I personally would stick with Windows 2000 for ACS 3.2 since you are migrating out of these servers soon anyway.
-Jesse
-
VPN authentication and wireless through ACS 5.4
Hello,
I am in the process of migrating from ACS 4.1.1.23 to ACS 5.4. I have migrated our users and Network Device Groups and configured external Identity stores like AD and RSA. I want to authenticate our Wireless users with AD and VPN users through RSA. I am unable to create policies to get this UP and working. I need help in this regarding the policy creation.
As I am new to the ACS 5.4 any help with the step by step configuration of the WLAN and VPN authentication will be appreciated.
Thanks in advance.
Regards,
Anand
This is possible by creating access to two Services: one that authenticates with AD and the other against RSA.
Then you need to develop a Service selection policy that will result in one of these two services. One possibility could be NAS-Port-Type in the RADIUS dictionary, which should be 'Wireless - IEEE 802.11'.
-
We have a device with 4.1.1.24 1113. Can we make an installation on a 1121 and put 5.2 on it, and then restore the 4.1.1.24 db... ??
You must deploy a separate server 4.x with the current configuration for migration in addition to your Server 4.x production ACS ACS and ACS 5.0 device. In this way, you can continue to run your production ACS 4.x server while you migrate the data to ACS 5.0.
For more information on migration 4.x to 5.0 ACS ACS refer to the Migration Guide below:
Note: Please rate the answer if it helps
-
Migration win2003 win2008R2 impact on ACS?
We use AD to windows 2003 functional level and going to AD to the functional level of windows 2008R2
I would like to know if this has no effect on the installer or the functioning of the 4.2 ACS and ACS 5.5
can someone tell me if this has no effect on the installer or the functioning of the 4.2 ACS and ACS 5.5?
We have two versions running, since we are in the process of migrating to the latest version.
Thanks in advance,
Ralph Willemsen
Arnhem, Netherlands
Hey Ralph,
4.2 of the ACS is touched by it.
It does not support 2008 R2.
ACS 5.5 is not affected by this upgrade.
Rate if useful :)
Knowledge sharing makes you immortal.
Kind regards
Ed
-
Migration of the existing database of victory ACS 3.3 to device ACS 4.2.15
Hi all
Can anyone suggest me how to migrate the db for windows 3.3 acs acs 4.2.15 device.
We replace the 3.3 victory device 4.2.15 as part of end of life. So we have the eap-tls/peap authentication.
It has huge files. So suggest me the steps to migrate the db to win 3.3 appl 4.2.15.
We need to upgrade to win 3.3 to win 4.0 for win 4.2 & then migrate to appl 4.2?
Or any other way to do it?
Hello
You can take a backup copy of the database of the ACS unit. You can install ACS 3.3 in windows. Restore the backup.
Then you can proceed to 3.3.4 on Windows ACS. make a backup and save it to a different location.
Upgrade the windows of the CSA at 4.1.1.24. take a backup. Save it to a different location.
Then the windows of the CSA 4.2.0.124. resume a backup and save it to a different location.
Now re-images of the device of the ACS for ACS 4.2.0.124. Restore the backup of Windows ACS ACS ACS 4.2.0.124 unit now running.
Now you can upgrade the ACS unit to 4.2.1.15.
I hope this helps.
Kind regards
Anisha
P.S.: Please mark this thread as answered if you feel that your query is resolved. Note the useful messages.
-
The existing migration ssl certificate win 4.2 device acs acs 3.2
Hello
We have the acs server that has the ssl certificate (certificate authority) running in the acs 3.2 for eap - tls user authentication windows version.
We want the same be migrated to application 4.2 (appliance) acs. I tried in different ways to push the certificate but I couldn't.
I tried the System Configuration Thru--> ACS certificate--> certificate installation to install ACS--> download the certificate file
As I mentioned the FTP server IP address, identification information, name and path
But if I submit the application sound giving the directory not found or incorrect credentials.
In FTP records its showing like this
April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 PASS welcome2acs
April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 230 user logged
April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 FTP: successful connection
April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 CWD D:\FTP-ACS-AU
April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 D:\FTP-ACS-AU 550: no such file or directory.
April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 FTP: connection is closed.
April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 Session closed by peer
April 15, 2011 19:44:47 Session 5, Peer 10.190.249.40 the FTP Server session
April 15, 2011 19:44:47 Session 5, Peer 10.190.249.40 the FTP Server session
April 15, 2011 19:44:47 Session 5, Peer 10.190.249.40 USER ftpadmin
April 15, 2011 19:44:47 Session 5, Peer 10.249.40 331 ok, need password username
April 15, 2011 19:44:47 Session 5, Peer 10.190.249.40 FTP: connection attempt by: ftpadmin
April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 PASS welcome2acs
April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 230 user logged
April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 FTP: successful connection
April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 DLG FTP - ACS - to THE
April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 550 FTP - ACS - to THE: no such file or directory.
April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 FTP: connection is closed.
April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 Session closed by peer
Can anyone please suggest me what could be the problem in this... is my method won't?
Hello
Directory just enter ' / '.
Just browse for the file field, and shared folder opens automatically.
I hope this helps.
Kind regards
Anisha
P.S.: Please mark this thread as answered if you feel that your query is resolved. Note the useful messages.
-
Cisco ACS to tool Migration of ISE
Hi all.
I am trying to migrate using the migration tool in our LABORATORY ACS 5.3 to ISE 1.2 and I get this error:
D:\migTool>migration.bat
log4j: WARN no such property [encoding] in com.cisco.acs.positron.migration.utils.Log4jTextAreaAppender.
INFO [main] MigrationApplicationDriver.main:56: applies from the main method.
Exception in thread "main" org.springframework.beans.factory.BeanDefinitionStoreException: cannot read the candidate class component: file [D:\migTool\bin\com\cisco\acs\positron\migration\gui\components\treetable\JTreeTable.class]; nested exception is java.lang.ArrayIndexOutOfBoundsException: 3145
at org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider.findCandidateComponents(ClassPathScanningCandidateComponentProvider.java:237)
at com.cisco.acs.positron.migration.MigrationApplicationDriver.main(MigrationApplicationDriver.java:61)
Caused by: java.lang.ArrayIndexOutOfBoundsException: 3145
at org.springframework.asm.ClassReader.readClass (unknown Source)
at org.springframework.asm.ClassReader.accept (unknown Source)
at org.springframework.asm.ClassReader.accept (unknown Source)
at org.springframework.core.type.classreading.SimpleMetadataReader.(SimpleMetadataReader.java:54)
at org.springframework.core.type.classreading.SimpleMetadataReaderFactory.getMetadataReader(SimpleMetadataReaderFactory.java:80)
at org.springframework.core.type.classreading.CachingMetadataReaderFactory.getMetadataReader(CachingMetadataReaderFactory.java:82)
at org.springframework.core.type.classreading.SimpleMetadataReaderFactory.getMetadataReader(SimpleMetadataReaderFactory.java:76)
at org.springframework.core.type.filter.AbstractTypeHierarchyTraversingFilter.match(AbstractTypeHierarchyTraversingFilter.java:105)
at org.springframework.core.type.filter.AbstractTypeHierarchyTraversingFilter.match(AbstractTypeHierarchyTraversingFilter.java:76)
at org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider.isCandidateComponent(ClassPathScanningCandidateComponentProvider.java:280)
at org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider.findCandidateComponents(ClassPathScanningCandidateComponentProvider.java:214)Hello Juan Carlos.
If your query is resolved, then mark them as response.
Thank you
-
Failure of the ACS migration tool
Hi, I am running the migration tool, the following request:
Make sure that the database is running.
ACS DB 4.x is unavailable, enter ACS 4.x database password (encrypted)
:[******]
With the password of database simple, used during the installation of the ACS, I get a fatal error at the end of the procedure like this: "Fatal Error! -Unable to connect to ACS 4.x DB!"
Where can I find the password for the encrypted database ACS?
After the migration log:
07/10/2011-11:41:31 MigrationApplicationCLI.getUserInformation (MigrationApplicationCLI.java:953) ERROR - not read invoke ACS 4 password system. Error on line C:\Work\ACS5x\ccweb_views\dgash_acs5_0_lenovo\vob\nm_acs\acs\mgmt\migration\DbPassword\Password.c 1265, calle API
07/10/2011-11:46:52 MigrationApplicationCLI.getUserInformation (MigrationApplicationCLI.java:953) ERROR - not read invoke ACS 4 password system. Error on line C:\Work\ACS5x\ccweb_views\dgash_acs5_0_lenovo\vob\nm_acs\acs\mgmt\migration\DbPassword\Password.c 1265, calle API
07/10/2011-11:58:08 JavaUtils.isAttachmentSupported(JavaUtils.java:1308) WARN - cannot find the required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.
07/10/2011-11:58:28 ACS4Connector.checkDBConnectivity (ACS4Connector.java:137) FATAL - Fatal Error! -Unable to connect to ACS 4.x DB!
java.sql.SQLException: [Sybase] [ODBC driver] [Adaptive Server Anywhere] ID invalid user or password
at ianywhere.ml.jdbcodbc.IDriver.makeODBCConnection (Native Method)
at ianywhere.ml.jdbcodbc.IDriver.connect(IDriver.java:354)
at java.sql.DriverManager.getConnection (unknown Source)
at java.sql.DriverManager.getConnection (unknown Source)
at com.cisco.nm.acs.mgmt.migration.ACS4Connector.getConnecter(ACS4Connector.java:66)
at com.cisco.nm.acs.mgmt.migration.ACS4Connector.checkDBConnectivity(ACS4Connector.java:133)
at com.cisco.nm.acs.mgmt.migration.MigrationApplicationCLI.runExport(MigrationApplicationCLI.java:605)
at com.cisco.nm.acs.mgmt.migration.MigrationApplicationCLI.main(MigrationApplicationCLI.java:266)
I use the migration on a VMware machine clone tool, from the console.
Thanks in advance
Creation date: November 8, 2011 14:47 created by: James, Edward C(EDWJAMES,338460) migrating the 4.x to 5.x database
-
Update / migration ACS 4.1 to 4.2
Hi all
I have a few questions about the migration of a Windows ACS server.
Currently we are running on ACS 4.1 / output 4.1 Build 23 (1)
We have a contract of active support for the ACS 4.1 (CSACS - 4.1 - WIN - K9).
Now, we want to switch to ACS 4.2 but it with some remarks.
(1) we need to upgrade our contract to CSACS - 4.2 - WIN - K9?
(2) if we have improved the contract can we download the new software ACS 4.2 of the CEC or do we need to buy the CD?
(3) we want to install the ACS 4.2 with all latest patches on a new server, so, too, that this will be a new IP address.
(4) do we need copy all data from ACS 4.1 to 4.2 this thanks to a restoration or a database sync of ACS 4.1?
(5) by using an eval for ACS 4.2 and the upgrade version then licensed 4.2 ACS needs an eval version uninstall? I read this on the discussion on: https://supportforums.cisco.com/thread/1002944?tstart=900
For point 4), I found that we first have to ACS4.1.1.24 before progressing on the path ACS4.2.X is that correct?
If anyone can answer this question, it would be great.
Kind regards
Philippe
Philippe,
(1) there is no need to upgrade your contract, you are entitled to ACS 4.2 if you have a valid contract for ACS 4.1.
(2) you will need to open a TAC case and get the software published for you, you don't need to buy anything.
(3) that is fine, install a new copy of ACS 4.2.0.124 and then import your 4.1 backup base. After that, you can improve the new 4.2.1.15 ACS ACS patch 3. 4.2.1.15 ACS patch and 4.2.1.15.3 ACS are available on cisco.com here:
http://www.Cisco.com/Cisco/software/release.html?mdfid=281458142&flowid=4398&softwareid=280805677
(4) No, you can restore a 4.1.1.23 database in 4.2.0.124.
(5) as you want to go with a new installation and upgrade of the database I want to uninstall the Eval before installing 4.2.0.124.
-Jesse
-
Patch level ACS migration: 4.1.4 Bundle 13 -> 5.1
I'm migrating ACS 1111 devices running ACS version 4.1.4 build 13-1121 ACS ACS version 5.1 devices.
In the migration process, it is stated that:
"The machine of migration must be a Windows platform that is running the same version of ACS (including the fix) as the source machine."
and with regard to the supported versions:
"You must install the latest patch for versions of migration supported listed here. In addition, if you have another version of ACS 4.x installed, you must upgrade to one of the supported versions and install the latest patch for this version before you can migrate to ACS 5.1."
If I check the web associated with ACS version 4.1.4.13 download page, there are many opportunities for software to download from 4.1.4.14.1 and goes up to 4.1.4.13.20.
How do I know which patch is installed in my system if the ACS Web Interface only provides the information "4.1.4 build 13"?
Thank you
If you have installed the patch, ACS web interface also displays the patch level. See the attached screenshot
-
Migration of ACS of the device to windows server
Hello
Is it possible to migrate the ACS 4.2 device to microsoft server 2003?
Has anyone tried it before?
R/g
There is no problem to migrate from the device of the CSA to ACS for windows.
If you wish to do this, it is best that your ACS for window running the same version of the code in form of ACS appliance.
You can do a backup on device ACS and restore it on ACS for windows.
-
ISE Migration tool: Unable to connect to the ACS
Hello
I try starting the Cisco migration tool to migrate data to ACS 5.2 to ISE 1.1.
When I run the migration.bat file, I get:
C:\migTool>migration.bat
log4j: WARN no such property [encoding] in com.cisco.acs.positron.migration.utils.Log4jTextAreaAppender.
INFO [main] MigrationApplicationDriver.main:56: applies from the main method.
Org.springframework.context.support.ClassPathXmlApplicat updating of INFORMATION [hand][email protected] / * /: start date [Thu Jul 11 16:46:09 CEST 2013]; root of context hierarchy
INFO [hand] loading XML bean definitions of resource path of class [conf/META-INF/beans.xml]
INFO [hand] instancing of the singletons in org.springframework.beans.factory.s[email protected] / * /: defining beans [exportAuthorizationProfileCache, exportConditionRightOperandCache, exportDevicesCache, exportEnumAttributeIdCache, exportEnumerationCache, exportGenericAttributesCache, exportIdentityAttributeCache, exportIdentityDictionaryCache, exportIdentitySourceCache, exportPredefinedDataCache, exportRADIUSDictionaryCache, exportServicesCache, exportManagerImpl, migrationApplicationManager, migrationPhaseStatefulComponent, stateManager, migrationProcedureModel, migrationApplicationGUI, defaultImportObjectHandlerFactory, importAllowedProtocolCaching, importAuthZProfileCaching, importDateTimeCaching, importDevicesCaching, importEndPointCaching, importExternalIdentityStoresCache, importIdentitySourcesCaching, importPolicyElementsCache, importRadiusProxyCaching, importUsersCaching, importManagerImp, org.springframework.context.annotation.internalConfigurationAnnotationProcessor, org.springframework.context.annotation.internalAutowiredAnnotationProcessor, org.springframework.context.annotation.internalRequiredAnnotationProcessor, org.springframework.context.annotation.internalCommonAnnotationProcessor]; root of the hierarchy of the factory
[Main] INFO start parsing of the XML query...
[Main] INFO start the process XML analysis...
INFO [Thread-5] Start ACS5 IP connection
WARN [Thread-5] could not find the required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.
ERROR [Thread-5] error occurred during communication with ACS 5.x. (404) not found
ERROR [Thread-5] error occurred during communication with ACS 5.x. (404) not found
ERROR [Thread-5] failed to connect to the DCC 5 to start exporting. Make sure that:
1 migration interface is enabled on the ACS 5 server.
2 ACS 5 services run.
3 ACS 5 IP and username and password are correct.
4 ACS 5 has a compatible license installed.
INFO [Thread-6] Start ACS5 IP connection
ERROR [Thread-6] error occurred during communication with ACS 5.x. (404) not found
ERROR [Thread-6] error occurred during communication with ACS 5.x. (404) not found
ERROR [Thread-6] failed to connect to the DCC 5 to start exporting. Make sure that:
1 migration interface is enabled on the ACS 5 server.
2 ACS 5 services run.
3 ACS 5 IP and username and password are correct.
4 ACS 5 has a compatible license installed.
Then, I click on the export of ACS, and when I put my name to the ACS server and the password, I get:
"
ERROR [Thread-9] failed to connect to the DCC 5 to start exporting. Please ensure that:
INFO [Thread-9] Start ACS5 IP connection
ERROR [Thread-9] error occurred during communication with ACS 5.x. (404) not found
ERROR [Thread-9] error occurred during communication with ACS 5.x. (404) not found
ERROR [Thread-9] failed to connect to the DCC 5 to start exporting. Make sure that:
1 migration interface is enabled on the server ACS5
2 ACS 5 services run
3 ACS 5 IP and username and password are correct
4 ACS 5 has a compatible license installed.
Can someone help me?
Best regards
David
You have activated the web interface of migration? Check that you have configured the computer source of Cisco Secure ACS 5.1/5.2 with a unique IP address. The migration tool may fail during the migration if each interface has multiple IP address aliases.
Document taken in charge:
http://www.Cisco.com/en/us/docs/security/ISE/1.0.4/migration_guide/ise10_mig_install.html
~ BR
Jatin kone* Does the rate of useful messages *.