Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
810
Views
0
Helpful
3
Replies

Adding second ACS server to exisitng 4.2 server

tahequivoice
Level 2
Level 2

‎05-14-2012 08:16 AM - edited ‎03-10-2019 07:05 PM

Question on this, is 5.2 backwards compatible with 4.2 appliance? If not, what is needed to bring the 4.2 appliance up to 5.2 and will the VMWare version work for the second system with the appliance as primary?  Years ago I had 2 of them and replication worked flawlessly, but we had to take the one unit offline for another project and have never replaced it.

Can I still get 4.2 from Cisco for this?

Labels:
0 Helpful
3 Replies 3

mauzamor
Level 1
Level 1

‎05-14-2012 09:23 AM

-You cannot restore any backup file from ACS 4.x into a 5.x server, you can only migrate a few options:

Elements supported for migration:

http://tools.cisco.com/squish/f7E1e

Elements not supported for migration:

http://tools.cisco.com/squish/4a261

-ACS 5.x works with VM for primary or secondary just fine:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.3/installation/guide/csacs_vmware.html#wp1069964

-If your contract allows you to have 2 ACS servers 4.x you will be able to get 4.2, however the file is not available in the Cisco page (only the trial version is), you will need to contact TAC to get this software.

Let me know if you have any other doubt.

0 Helpful

tahequivoice
Level 2
Level 2
In response to mauzamor

‎05-14-2012 09:32 AM

Well, that sure looks to be  a real PITA for TACACS and RADIUS AAA use only.  Looks like 2 machines are required to upgrade an appliance. So to do that a second server on windows needs to be built, retore the configuration over to that server, then upgrade the appliance and then migrate from the backed up box to the appliance. It's as bad as going from 8.x to 8.4 on an ASA.  Some work fine, others you might as well write erase and start over.

0 Helpful

ppbenac
Level 1
Level 1

‎05-14-2012 09:41 AM

The simple answer to you question is No!   The RDBMS for 4.2 will not sync with 5.2.  Since the databases will not sync it kind of defeats the purpose of redundant servers.  If you are using ODBC you could setup some type of script to create a CVS file on the master and import it to the slave, but there is nothing to prevent the slave from being corrupted if an admin should happen to connect with the slave. 

I have never used the appliance based ACS, so I can't answer that part of the question; however, you can probably locate a copy of 4.2 through some Cisco Vendor someplace, but it is end of life so getting it from Cisco probably is not an option.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents