Brand New ACS 1120

Answered Question
Feb 26th, 2010

Alright,

my company bought an ACS 1120, no SMARTNET support of course, and I'm getting prepared to deploy it.

I've litterally gotten it out of the box and powered it up...

in the box came several CD/DVD's of which is ACS 4.1 for windows;  4.2 for windows; and one that has a copy of a Windows Server (looks like a special version, i'm writing this post from home and dont have the CD's in front of me, sorry)...

My question is merely, do i ust run through the initial setup prompts?  And is it necessary to start at 4.1 and upgrade as I go (ie...4.2, then 5.0)???  Or can I go straight to 5.0?

Bruce

I have this problem too.
0 votes
Correct Answer by jrabinow about 6 years 9 months ago

The ACS 4,x software you have been shipped is to assist customers who need to migrate from an earlier 3.x/4.x release. If they are on a specific 3.x release they can upgrade,using the disks to 4.x and then perform a migration procedure to ACS 5.0/5.1 tomigrate certain subsets of the data. The migration procedure requires ACS 4.x to be installed on a windows PC so the disks can also be used by customers who have a closed 4.x appliance and need to backup the database and then restore data onto an ACS 4.x windows based installation created using the disks provided.

For new installations these disks are not applcable and just need to run the basic setup. However, as others have suggested, if you are just getting started, I would recommend downloading ACS 5.1 from CCO and reimaging so that you can work with the latest version. Note the ACS 5.0 license can be used for ACS 5.1 as well

Correct Answer by gyakubov about 6 years 9 months ago

Right

ACS for WIndows (whatewer version you have) will run on Windows 2003 server (see inatllation requirements for details) ACS 5.X exists only as appliance or VMWare image. In general - appliance is more hardened in terms of viruses and intrusions

Correct Answer by ansalaza about 6 years 9 months ago

If your goal is to have ACS 5.X running, then go straight to it, download ACS 5.1, which has most ACS 4.X features.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/release/notes/acs_51_rn.html#wp71092

If I am not wrong your 1120 should already be running ACS 5.0...but just in case you should also be able to download the DVD from CCO:

ACS 5.1:

http://download-sj.cisco.com/swc/esd/03/crypto/3DES/282773289/contract/ACS_v5.1.0.44.iso

ACS 5.0:

http://download-sj.cisco.com/swc/esd/03/crypto/3DES/282382303/contract/ACS-5.0.0.21.iso

You will require a valid license for ACS 5.X, which will need to be issued by the Licensing Team.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/release/notes/acs_51_rn.html#wp114337

If you prefer you can stay with ACS 4.2; you would need to intall the "ACS 42. s/w for cisco 1120 appliance", this type of ACS will be preinstalled with the OS and you cannot access the OS.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/solution_engine/prepap.html

The migration from ACS 4.2 to ACS 5.X is not something recommended since they are totally different breads!

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.0/user/guide/migrate.html#wp1052577

HTH,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Bruce Summers Fri, 02/26/2010 - 05:52

added note:

the software CD that I have that i refer to as "special version" is actually ACS 42. s/w for cisco 1120 appliance, but has a Windows Svr 2003 Teleco SVR App SW 3.0 1-4 CPU...

I'm assuming this is goiing to be installed at some point...

gyakubov Fri, 02/26/2010 - 06:07

Hi Bruce.

ACS 1120 is HW version of the appliance. It is shipped with ACS 5.0 preinstalled and ACS 4.2 on, so called, recovery CD. Check with your PO what your company purchased exactly.  If ACS 4.2 is what you purchased, so yes, you should instert disk labelled ACS 4.2 and follow the instructions.

Correct Answer
ansalaza Fri, 02/26/2010 - 06:07

If your goal is to have ACS 5.X running, then go straight to it, download ACS 5.1, which has most ACS 4.X features.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/release/notes/acs_51_rn.html#wp71092

If I am not wrong your 1120 should already be running ACS 5.0...but just in case you should also be able to download the DVD from CCO:

ACS 5.1:

http://download-sj.cisco.com/swc/esd/03/crypto/3DES/282773289/contract/ACS_v5.1.0.44.iso

ACS 5.0:

http://download-sj.cisco.com/swc/esd/03/crypto/3DES/282382303/contract/ACS-5.0.0.21.iso

You will require a valid license for ACS 5.X, which will need to be issued by the Licensing Team.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/release/notes/acs_51_rn.html#wp114337

If you prefer you can stay with ACS 4.2; you would need to intall the "ACS 42. s/w for cisco 1120 appliance", this type of ACS will be preinstalled with the OS and you cannot access the OS.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/solution_engine/prepap.html

The migration from ACS 4.2 to ACS 5.X is not something recommended since they are totally different breads!

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.0/user/guide/migrate.html#wp1052577

HTH,

Bruce Summers Fri, 02/26/2010 - 08:21

thanks folks,

Understand about the appliance itself running a flavor (probably 5.0, havent actually started in on the "setup" yet).  Was trying to make sense of what they shipped me (the ACS for Windows is throwing me off)....Is this software that will run on a server without the appliance itself?

Bruce

Correct Answer
gyakubov Fri, 02/26/2010 - 09:28

Right

ACS for WIndows (whatewer version you have) will run on Windows 2003 server (see inatllation requirements for details) ACS 5.X exists only as appliance or VMWare image. In general - appliance is more hardened in terms of viruses and intrusions

ansalaza Fri, 02/26/2010 - 14:01

The ACS 4.x  that you should have is the Appliance ACS Version, where you don't have access to the OS only to the ACS application (through a GUI).

Note:This type of ACS is installed with the OS all at once.

HTH,

Correct Answer
jrabinow Sun, 02/28/2010 - 21:02

The ACS 4,x software you have been shipped is to assist customers who need to migrate from an earlier 3.x/4.x release. If they are on a specific 3.x release they can upgrade,using the disks to 4.x and then perform a migration procedure to ACS 5.0/5.1 tomigrate certain subsets of the data. The migration procedure requires ACS 4.x to be installed on a windows PC so the disks can also be used by customers who have a closed 4.x appliance and need to backup the database and then restore data onto an ACS 4.x windows based installation created using the disks provided.

For new installations these disks are not applcable and just need to run the basic setup. However, as others have suggested, if you are just getting started, I would recommend downloading ACS 5.1 from CCO and reimaging so that you can work with the latest version. Note the ACS 5.0 license can be used for ACS 5.1 as well

ggalteroo Wed, 04/14/2010 - 06:47

Hello

Could any of you guys provide a link for downloading the re-image DVD for the appliance 1120 v4.2?

Thanks a lot

Guido

mutambudzi Thu, 05/13/2010 - 06:26

Has any one in this forum encountered the following error message when trying to use t

he Active Directory for user authentication with Cisco 1120 ACS 5.0?:

"Error while configuring Active Directory: Using writable domain controller: company.com: (Kerberos) : Cannot contact any KDC for requested realm due to unexpected configuration or network error.Please try the --verbose option or run 'adinfo --diag' to diagnose the problem.Join to domain company.com, zone 'null' failed."

Jatin Katyal Thu, 05/13/2010 - 06:45


Hi,


Looks like there is something in between ACS and AD, could be a firewall that is why we are not able to contact KDC.


These ports should be opened for DC: LDAP 389/tcp LDAP 389/udp SMB 445/tcp KDC 88/tcp Global catalog 3268/tcp KPASS 464/tcp NTP 123/udp.


HTH


Rgds,

JK


Do rate helpful posts-

mutambudzi Mon, 05/17/2010 - 13:16

Hi,

Would the Cisco Secure ACS 5.0 engine need to be added to Windows AD as a computer object for the integration to work?

PM.

Actions

This Discussion