I'm currently looking to migrate a customer from ACS 3.3 on a Win2K server to an Appliance.
The current ACS server provides AAA for approx 1000 routers/switches etc to provide authentication for interactive logon (via Novell LDAP) and scripted maintenance logon (via local DB). ACS also provides accounting for logon/configuration changes etc.
Q1. Will both 5.1 and 4.2 ACS appliance engines provide these facilities (local db/ldap etc)? If so, then 5.1 would be the best choice?
Q2. Can the data (AAA clients/users etc) be exported from 3.3 and imported to 4.2 or 5.1? Ideally I want to keep the original server untouched for rollback.
Both ACS 5.1 and ACS 4.2 appliances support authentication against LDAP and local DB.
ACS 5.1 is the next generation ACS platform and provides a policy based mechanism for defining authorizations; as opposed to the user/group based mechanisms in ACS 4.2.
Migrating the system from ACS 3.3 requires a two-stage process:
1) upgrade to ACS 4.2
2) migrate data from ACS 4.2 to ACS 5.1
The second migration process can extract all user/device definitions from ACS 4.2 to ACS 5.1, and you then need to create the appropriate policies that define the user access.
The ACS 5.1 DVD set should include all the required software versions to perform this upgrade although I am not familiar with the specifics of upgrade of ACS 3.3 to ACS 4.2. The original 3.3 system could be kept in place and the upgrade/migration be performed on a parallel system.
ACS 5.1 does have the capability to import user/device data from a CSV file, so if you can get the data in this format you can avoid all the upgrade/migration-related activities.