ACS 3.3 to 5.3 migration

Hello

I would like to migrate ACS 3.3 to 5.3 smoothly. To do this, I want ACS 5.3 to redirect unknown users to the old ACS 3.3. I defined an ACS proxy, but I do not know how to set up the 'Access policies' and 'Service selection rule' to tell ACS 5.3 to redirect unknown users on ACS 5.3.

Could you help me with this config or give me an example configuration?

Thanks in advance

well well

You must set the RADIUS identity server entry under Users and Identity Stores, pointing to your ACS 5.3.

You then define an identity sequence that lists the databases currently deployed on your ACS 5 first, followed by the entry that you have defined for ACS 3.3.

Then link this identity sequence to your identity policies for the services already defined.

--------------------------------------------------------------------------------------

Please don't forget to rate correct answers

Tags: Cisco Security

Similar Questions

  • ACS 4.2 to 5.8 migration

    Team - I have a client who wants to migrate its ACS from 4.2 to 5.8. They currently have a primary and a backup server.

    (1) Can anyone offer a migration plan to avoid any downtime during the migration?

    (2) would not, it requires a change of configuration in all network devices, is it possible to centre?

    I have no experience in doing so. Any help on this is appreciated.

    Bijbalak

    You should not need a plan B, I got in some work environments. But if you decide not to use the migration tool, you can use CSUtil and analyze the image to a CSV file that ACS 5.x can import

    http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_contro...

    I have not encountered any problems with the migration on a Windows server 4.2 ACS work tool.

  • ACS migration utility

    Hello

    I use the Migration utility to migrate a 4.2 ACS to an ACS 5.2.

    From the log I see the migration completed successfully; however, no 4.2 objects appear in the ACS 5.2.

    > Is there a way to check the ACS 5.2 database because the migration failed despite the "success" message in the log of the Migrator?

    Now I'm 'migrating' ACS manually, which is a little bad...

    Kind regards

    Thibault.

    Hello

    Migration can be a bit tricky, and when I ran into this issue before, it was because the changes had not actually been migrated to ACS. It's actually a 2-step process:

    (1) Analyze and export (this creates the files to import into ACS 5 locally on the migration computer).

    (2) Import - this actually imports the data into ACS 5 (this is the most often missed step).

    In addition, here are some useful tips so that everything goes well for your migration:

    (1) Begin with a new database and import your first set of objects; if you don't like it, you can use the 'acs reset-config' command on the command line to restore ACS to factory default.

    (2) After you have the first series of objects imported, take a backup; when you go to import your next series of objects and you end up not liking where the import put the objects, you can restore that backup and not lose your previously imported data that you liked.

    HTH

    -Jesse

  • Cisco ACS 3.2 compatibility

    We have a few old, legacy and soon-to-be-replaced-with-5.1 ACS 3.2 servers. One of them had some serious problems and must be rebuilt.

    The current operating system is Win2k. We were going to upgrade the OS to 2003 while it was down. Are there compatibility problems with 3.2 and 2003? Has anyone had any success getting 3.2 to run on this?

    Thank you

    Hello

    ACS 3.2 on Windows 2003 has never been tested, so we don't know whether or not you will encounter problems with 3.2 on 2003. I see a problem that you might encounter where the TACACS+ and RADIUS services may not start automatically after a reboot and will have to be started manually:

    CSCsb81671 : services CSTacacs and CSRadius do not start with Windows 2003

    I personally would stick with Windows 2000 for ACS 3.2 since you are migrating out of these servers soon anyway.

    -Jesse


  • VPN authentication and wireless through ACS 5.4

    Hello,

    I am in the process of migrating from ACS 4.1.1.23 to ACS 5.4. I have migrated our users and Network Device Groups and configured external Identity stores like AD and RSA. I want to authenticate our Wireless users with AD and VPN users through RSA. I am unable to create policies to get this UP and working. I need help regarding the policy creation.
    As I am new to ACS 5.4, any help with the step-by-step configuration of the WLAN and VPN authentication will be appreciated.

    Thanks in advance.

    Regards,

    Anand

    This is possible by creating two Access Services: one that authenticates against AD and the other against RSA.

    You then need to develop a Service Selection policy that will result in one of these two services. One possibility could be NAS-Port-Type in the RADIUS dictionary, which should be 'Wireless - IEEE 802.11'.

  • ACS upgrade path

    We have a device with 4.1.1.24 1113.  Can we make an installation on a 1121 and put 5.2 on it, and then restore the 4.1.1.24 db... ??

    You must deploy a separate ACS 4.x server with the current configuration for migration, in addition to your production ACS 4.x server and ACS 5.0 device. In this way, you can continue to run your production ACS 4.x server while you migrate the data to ACS 5.0.
    For more information on ACS 4.x to ACS 5.0 migration, refer to the Migration Guide below:

    http://tinyurl.com/2g2tkog

    Note: Please rate the answer if it helps

  • Migration win2003 win2008R2 impact on ACS?

    We use AD at the Windows 2003 functional level and are going to the Windows 2008 R2 functional level.
    Can someone tell me whether this has any effect on the installer or the functioning of ACS 4.2 and ACS 5.5?
    We have two versions running, since we are in the process of migrating to the latest version.

    Thanks in advance,

    Ralph Willemsen

    Arnhem, Netherlands

    Hey Ralph,

    ACS 4.2 is affected by it.

    It does not support 2008 R2.

    ACS 5.5 is not affected by this upgrade.

    Rate if useful :)

    Knowledge sharing makes you immortal.

    Kind regards

    Ed

  • Migration of the existing database of Win ACS 3.3 to device ACS 4.2.15

    Hi all

    Can anyone suggest how to migrate the db from ACS 3.3 for Windows to the ACS 4.2.15 device?

    We are replacing the Win 3.3 with the 4.2.15 device as part of end of life. We have EAP-TLS/PEAP authentication.

    It has huge files. So please suggest the steps to migrate the db from win 3.3 to appl 4.2.15.

    Do we need to upgrade win 3.3 to win 4.0, then to win 4.2, and then migrate to appl 4.2?

    Or any other way to do it?

    Hello

    You can take a backup copy of the database of the ACS unit. You can install ACS 3.3 on Windows. Restore the backup.

    Then you can proceed to 3.3.4 on ACS for Windows. Make a backup and save it to a different location.

    Upgrade the ACS for Windows to 4.1.1.24. Take a backup. Save it to a different location.

    Then upgrade the ACS for Windows to 4.2.0.124. Take a backup again and save it to a different location.

    Now re-image the ACS device to ACS 4.2.0.124. Restore the backup from ACS for Windows 4.2.0.124 on the ACS unit now running.

    Now you can upgrade the ACS unit to 4.2.1.15.

    I hope this helps.

    Kind regards

    Anisha

    P.S.: Please mark this thread as answered if you feel that your query is resolved. Note the useful messages.

  • Migrating the existing SSL certificate from ACS 3.2 for Windows to ACS 4.2 device

    Hello

    We have an ACS server running the SSL certificate (certificate authority) in ACS 3.2, Windows version, for EAP-TLS user authentication.

    We want the same be migrated to application 4.2 (appliance) acs. I tried in different ways to push the certificate but I couldn't.

    I tried the System Configuration Thru--> ACS certificate--> certificate installation to install ACS--> download the certificate file

    As I mentioned the FTP server IP address, identification information, name and path

    But when I submit, it reports directory not found or incorrect credentials.

    In the FTP logs it shows like this:

    April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 PASS welcome2acs
    April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 230 user logged
    April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 FTP: successful connection
    April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 CWD D:\FTP-ACS-AU
    April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 D:\FTP-ACS-AU 550: no such file or directory.
    April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 FTP: connection is closed.
    April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 Session closed by peer
    April 15, 2011 19:44:47 Session 5, Peer 10.190.249.40 the FTP Server session
    April 15, 2011 19:44:47 Session 5, Peer 10.190.249.40 the FTP Server session
    April 15, 2011 19:44:47 Session 5, Peer 10.190.249.40 USER ftpadmin
    April 15, 2011 19:44:47 Session 5, Peer 10.249.40 331 ok, need password username
    April 15, 2011 19:44:47 Session 5, Peer 10.190.249.40 FTP: connection attempt by: ftpadmin
    April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 PASS welcome2acs
    April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 230 user logged
    April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 FTP: successful connection
    April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 DLG FTP - ACS - to THE
    April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 550 FTP - ACS - to THE: no such file or directory.
    April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 FTP: connection is closed.
    April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 Session closed by peer

    Can anyone please suggest what could be the problem in this... is my method wrong?

    Hello

    Directory just enter ' / '.

    Just browse for the file field, and shared folder opens automatically.

    I hope this helps.

    Kind regards

    Anisha

    P.S.: Please mark this thread as answered if you feel that your query is resolved. Note the useful messages.

  • Cisco ACS to ISE Migration tool

    Hi all.

    I am trying to migrate our lab ACS 5.3 to ISE 1.2 using the migration tool and I get this error:

    D:\migTool>migration.bat
    log4j: WARN no such property [encoding] in com.cisco.acs.positron.migration.utils.Log4jTextAreaAppender.
    INFO [main] MigrationApplicationDriver.main:56: applies from the main method.
    Exception in thread "main" org.springframework.beans.factory.BeanDefinitionStoreException: cannot read the candidate class component: file [D:\migTool\bin\com\cisco\acs\positron\migra
    tion\gui\components\treetable\JTreeTable.class]; nested exception is java.lang.ArrayIndexOutOfBoundsException: 3145
    at org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider.findCandidateComponents(ClassPathScanningCandidateComponentProvider.java:237)
    at com.cisco.acs.positron.migration.MigrationApplicationDriver.main(MigrationApplicationDriver.java:61)
    Caused by: java.lang.ArrayIndexOutOfBoundsException: 3145
    at org.springframework.asm.ClassReader.readClass (unknown Source)
    at org.springframework.asm.ClassReader.accept (unknown Source)
    at org.springframework.asm.ClassReader.accept (unknown Source)
    to org.springframework.core.type.classreading.SimpleMetadataReader. (SimpleMetadataReader.java:54)
    at org.springframework.core.type.classreading.SimpleMetadataReaderFactory.getMetadataReader(SimpleMetadataReaderFactory.java:80)
    at org.springframework.core.type.classreading.CachingMetadataReaderFactory.getMetadataReader(CachingMetadataReaderFactory.java:82)
    at org.springframework.core.type.classreading.SimpleMetadataReaderFactory.getMetadataReader(SimpleMetadataReaderFactory.java:76)
    at org.springframework.core.type.filter.AbstractTypeHierarchyTraversingFilter.match(AbstractTypeHierarchyTraversingFilter.java:105)
    at org.springframework.core.type.filter.AbstractTypeHierarchyTraversingFilter.match(AbstractTypeHierarchyTraversingFilter.java:76)
    at org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider.isCandidateComponent(ClassPathScanningCandidateComponentProvider.java:280)
    at org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider.findCandidateComponents(ClassPathScanningCandidateComponentProvider.java:214)

    Hello Juan Carlos.

    If your query is resolved, then mark it as answered.

    Thank you

  • Failure of the ACS migration tool

    Hi, I am running the migration tool and get the following request:

    Make sure that the database is running.

    ACS DB 4.x is unavailable, enter ACS 4.x database password (encrypted)

    :[******]

    With the plain database password used during the installation of ACS, I get a fatal error at the end of the procedure like this: "Fatal Error! -Unable to connect to ACS 4.x DB!"

    Where can I find the password for the encrypted database ACS?

    After the migration log:

    07/10/2011-11:41:31 MigrationApplicationCLI.getUserInformation (MigrationApplicationCLI.java:953) ERROR - not read invoke ACS 4 password system. Error on line C:\Work\ACS5x\ccweb_views\dgash_acs5_0_lenovo\vob\nm_acs\acs\mgmt\migration\DbPassword\Password.c 1265, calle API

    07/10/2011-11:46:52 MigrationApplicationCLI.getUserInformation (MigrationApplicationCLI.java:953) ERROR - not read invoke ACS 4 password system. Error on line C:\Work\ACS5x\ccweb_views\dgash_acs5_0_lenovo\vob\nm_acs\acs\mgmt\migration\DbPassword\Password.c 1265, calle API

    07/10/2011-11:58:08 JavaUtils.isAttachmentSupported(JavaUtils.java:1308) WARN - cannot find the required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.

    07/10/2011-11:58:28 ACS4Connector.checkDBConnectivity (ACS4Connector.java:137) FATAL - Fatal Error! -Unable to connect to ACS 4.x DB!

    java.sql.SQLException: [Sybase] [ODBC driver] [Adaptive Server Anywhere] ID invalid user or password

    at ianywhere.ml.jdbcodbc.IDriver.makeODBCConnection (Native Method)

    at ianywhere.ml.jdbcodbc.IDriver.connect(IDriver.java:354)

    at java.sql.DriverManager.getConnection (unknown Source)

    at java.sql.DriverManager.getConnection (unknown Source)

    at com.cisco.nm.acs.mgmt.migration.ACS4Connector.getConnecter(ACS4Connector.java:66)

    at com.cisco.nm.acs.mgmt.migration.ACS4Connector.checkDBConnectivity(ACS4Connector.java:133)

    at com.cisco.nm.acs.mgmt.migration.MigrationApplicationCLI.runExport(MigrationApplicationCLI.java:605)

    at com.cisco.nm.acs.mgmt.migration.MigrationApplicationCLI.main(MigrationApplicationCLI.java:266)

    I use the migration on a VMware machine clone tool, from the console.

    Thanks in advance

    Creation date: November 8, 2011 14:47 created by: James, Edward C(EDWJAMES,338460) migrating the 4.x to 5.x database

  • Update / migration ACS 4.1 to 4.2

    Hi all

    I have a few questions about the migration of a Windows ACS server.

    Currently we are running on ACS 4.1 / output 4.1 Build 23 (1)

    We have an active support contract for ACS 4.1 (CSACS-4.1-WIN-K9).

    Now, we want to switch to ACS 4.2 but have some questions.

    (1) Do we need to upgrade our contract to CSACS-4.2-WIN-K9?

    (2) If we have upgraded the contract, can we download the new ACS 4.2 software from the CEC or do we need to buy the CD?

    (3) We want to install ACS 4.2 with all the latest patches on a new server, so this will also be a new IP address.

    (4) Do we need to copy all data from ACS 4.1 to 4.2 through a restore or a database sync of ACS 4.1?

    (5) When using an eval version of ACS 4.2 and then upgrading to the licensed ACS 4.2, does the eval version need to be uninstalled? I read this in the discussion at: https://supportforums.cisco.com/thread/1002944?tstart=900

    For point (4), I found that we first have to upgrade to ACS 4.1.1.24 before progressing on the path to ACS 4.2.X; is that correct?

    Link: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/installation/guide/windows/install.html#wp1080517

    If anyone can answer this question, it would be great.

    Kind regards

    Philippe

    Philippe,

    (1) There is no need to upgrade your contract; you are entitled to ACS 4.2 if you have a valid contract for ACS 4.1.

    (2) You will need to open a TAC case and get the software published for you; you don't need to buy anything.

    (3) That is fine; install a new copy of ACS 4.2.0.124 and then import your 4.1 database backup. After that, you can upgrade the new ACS to ACS 4.2.1.15 patch 3. The ACS 4.2.1.15 patch and ACS 4.2.1.15.3 are available on cisco.com here:

    http://www.Cisco.com/Cisco/software/release.html?mdfid=281458142&flowid=4398&softwareid=280805677

    (4) No, you can restore a 4.1.1.23 database in 4.2.0.124.

    (5) As you want to go with a new installation and upgrade of the database, I would uninstall the Eval before installing 4.2.0.124.

    -Jesse

  • Patch level ACS migration: 4.1.4 Bundle 13 -> 5.1

    I'm migrating ACS 1111 devices running ACS version 4.1.4 build 13 to ACS 1121 devices running ACS version 5.1.

    In the migration process, it is stated that:

    "The machine of migration must be a Windows platform that is running the same version of ACS (including the fix) as the source machine."

    and with regard to the supported versions:

    "You must install the latest patch for versions of migration supported listed here. In addition, if you have another version of ACS 4.x installed, you must upgrade to one of the supported versions and install the latest patch for this version before you can migrate to ACS 5.1."

    If I check the download web page associated with ACS version 4.1.4.13, there are many software options to download, from 4.1.4.14.1 up to 4.1.4.13.20.

    How do I know which patch is installed in my system if the ACS Web Interface only provides the information "4.1.4 build 13"?

    Thank you

    If you have installed the patch, ACS web interface also displays the patch level. See the attached screenshot

  • Migration of ACS of the device to windows server

    Hello

    Is it possible to migrate the ACS 4.2 device to microsoft server 2003?

    Has anyone tried it before?

    R/g

    There is no problem migrating from the ACS device to ACS for Windows.

    If you wish to do this, it is best that your ACS for Windows is running the same version of the code as the ACS appliance.

    You can do a backup on device ACS and restore it on ACS for windows.

  • ISE Migration tool: Unable to connect to the ACS

    Hello

    I am trying to start the Cisco migration tool to migrate data from ACS 5.2 to ISE 1.1.

    When I run the migration.bat file, I get:

    C:\migTool>migration.bat
    log4j: WARN no such property [encoding] in com.cisco.acs.positron.migration.utils.Log4jTextAreaAppender.
    INFO [main] MigrationApplicationDriver.main:56: applies from the main method.
    Org.springframework.context.support.ClassPathXmlApplicat updating of INFORMATION [hand][email protected] / * /: start date [Thu Jul 11 16:46:09 CEST 2013]; root of context hierarchy
    INFO [hand] loading XML bean definitions of resource path of class [conf/META-INF/beans.xml]
    INFO [hand] instancing of the singletons in org.springframework.beans.factory.s[email protected] / * /: defining beans [exportAuthorizationProfileCache, exportConditionRightOperandCache, exportDevicesCache, exportEnumAttributeIdCache, exportEnumerationCache, exportGenericAttributesCache, exportIdentityAttr
    ibuteCache, exportIdentityDictionaryCache, exportIdentitySourceCache, exportPredefinedDataCache, exportRADIUSDictionaryCache, exportServicesCache, exportManagerImpl, m
    igrationApplicationManager, migrationPhaseStatefulComponent, stateManager, migrationProcedureModel, migrationApplicationGUI, defaultImportObjectHandlerFactory, import
    AllowedProtocolCaching, importAuthZProfileCaching, importDateTimeCaching, importDevicesCaching, importEndPointCaching, importExternalIdentityStoresCache, importIdenti
    tySourcesCaching, importPolicyElementsCache, importRadiusProxyCaching, importUsersCaching, importManagerImp, org.springframework.context.annotation.internalConfigura
    tionAnnotationProcessor, org.springframework.context.annotation.internalAutowiredAnnotationProcessor, org.springframework.context.annotation.internalRequiredAnnot
    ationProcessor, org.springframework.context.annotation.internalCommonAnnotationProcessor]; root of the hierarchy of the factory
    [Main] INFO start parsing of the XML query...
    [Main] INFO start the process XML analysis...
    INFO [Thread-5] Start ACS5 IP connection
    WARN [Thread-5] could not find the required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.
    ERROR [Thread-5] error occurred during communication with ACS 5.x. (404) not found
    ERROR [Thread-5] error occurred during communication with ACS 5.x. (404) not found
    ERROR [Thread-5] failed to connect to the DCC 5 to start exporting. Make sure that:

    1 migration interface is enabled on the ACS 5 server.
    2 ACS 5 services run.
    3 ACS 5 IP and username and password are correct.
    4 ACS 5 has a compatible license installed.
    INFO [Thread-6] Start ACS5 IP connection
    ERROR [Thread-6] error occurred during communication with ACS 5.x. (404) not found
    ERROR [Thread-6] error occurred during communication with ACS 5.x. (404) not found
    ERROR [Thread-6] failed to connect to the DCC 5 to start exporting. Make sure that:

    1 migration interface is enabled on the ACS 5 server.
    2 ACS 5 services run.
    3 ACS 5 IP and username and password are correct.
    4 ACS 5 has a compatible license installed.

    Then, I click on the export of ACS, and when I put my name to the ACS server and the password, I get:

    "

    ERROR [Thread-9] failed to connect to the DCC 5 to start exporting. Please ensure that: INFO [Thread-9] Start ACS5 IP connection
    ERROR [Thread-9] error occurred during communication with ACS 5.x. (404) not found
    ERROR [Thread-9] error occurred during communication with ACS 5.x. (404) not found
    ERROR [Thread-9] failed to connect to the DCC 5 to start exporting. Make sure that:

    1 migration interface is enabled on the server ACS5

    2 ACS 5 services run

    3 ACS 5 IP and username and password are correct

    4 ACS 5 has a compatible license installed.

    Can someone help me?

    Best regards

    David

    Have you activated the migration web interface? Check that you have configured the Cisco Secure ACS 5.1/5.2 source machine with a unique IP address. The migration tool may fail during the migration if each interface has multiple IP address aliases.

    Supporting document:

    http://www.Cisco.com/en/us/docs/security/ISE/1.0.4/migration_guide/ise10_mig_install.html

    ~ BR
    Jatin kone

    * Do rate useful messages *
