Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1572
Views
11
Helpful
4
Replies

ISE configuration and operational backup restore from 2.6 to 3.2?

Go to solution
mandip kaloti
Level 1
Level 1

‎08-11-2023 06:14 AM

Does ISE supports  configuration and operational backup restore from 2.6 to 3.2 version?

1 person had this problem
Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
marce1000
VIP
VIP

‎08-11-2023 07:48 AM - edited ‎08-11-2023 07:52 AM

 

 - According to https://www.cisco.com/c/en/us/td/docs/security/ise/3-2/upgrade_guide/Upgrade_Journey/Cisco_ISE_3-2_Upgrade_Journey.html#id_119620 ; it doesn't ;      you will need at least 2.7

(from the link)

Backup and Restore Upgrade Process

This section describes the upgrade process using the recommended Backup and Restore Upgrade method.

If you are currently using Cisco ISE, Release 2.7 or later, you can directly upgrade to Cisco ISE, Release 3.2.

In case you are using a Cisco ISE version that is not compatible to Cisco ISE Release 3.2, you need to first upgrade to an intermediate version, compatible to Cisco ISE, Release 3.2. And then you can upgrade from the intermediate version to Cisco ISE, Release 3.2. Follow the below steps to upgrade to an intermediate Cisco ISE version.

Upgrade Secondary PAN and Secondary MnT Nodes to Cisco ISE, Release 2.7, 3.0 or 3.13.0, 3.1 or 3.2

Before you begin

Restore backup from your existing Cisco ISE to intermediate Cisco ISE Release. If you do not want to retain the older reporting data, skip steps 4 to 6.

Procedure

Step 1

De-register Secondary PAN node.

Step 2

Re-image the deregistered Secondary PAN node to the intermediate Cisco ISE Release, as a standalone node. After the install, make this node the Primary Administration Node in the new deployment.

Step 3

Restore Cisco ISE configuration from the backup data.

Step 4

De-register Secondary MnT node.

Step 5

Re-image the deregistered Secondary MnT node to the intermediate Cisco ISE Release, as a standalone node.

Step 6

Assign Primary role to this Mnt node and restore the operational backup from the backup repository. This is an optional step and needs to performed only if you need to report of the older logs

Step 7

Import ise-https-admin CA certificates from your original Cisco ISE backup repository.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

4 Replies 4

Go to solution
marce1000
VIP
VIP

‎08-11-2023 07:48 AM - edited ‎08-11-2023 07:52 AM

 

 - According to https://www.cisco.com/c/en/us/td/docs/security/ise/3-2/upgrade_guide/Upgrade_Journey/Cisco_ISE_3-2_Upgrade_Journey.html#id_119620 ; it doesn't ;      you will need at least 2.7

(from the link)

Backup and Restore Upgrade Process

This section describes the upgrade process using the recommended Backup and Restore Upgrade method.

If you are currently using Cisco ISE, Release 2.7 or later, you can directly upgrade to Cisco ISE, Release 3.2.

In case you are using a Cisco ISE version that is not compatible to Cisco ISE Release 3.2, you need to first upgrade to an intermediate version, compatible to Cisco ISE, Release 3.2. And then you can upgrade from the intermediate version to Cisco ISE, Release 3.2. Follow the below steps to upgrade to an intermediate Cisco ISE version.

Upgrade Secondary PAN and Secondary MnT Nodes to Cisco ISE, Release 2.7, 3.0 or 3.13.0, 3.1 or 3.2

Before you begin

Restore backup from your existing Cisco ISE to intermediate Cisco ISE Release. If you do not want to retain the older reporting data, skip steps 4 to 6.

Procedure

Step 1

De-register Secondary PAN node.

Step 2

Re-image the deregistered Secondary PAN node to the intermediate Cisco ISE Release, as a standalone node. After the install, make this node the Primary Administration Node in the new deployment.

Step 3

Restore Cisco ISE configuration from the backup data.

Step 4

De-register Secondary MnT node.

Step 5

Re-image the deregistered Secondary MnT node to the intermediate Cisco ISE Release, as a standalone node.

Step 6

Assign Primary role to this Mnt node and restore the operational backup from the backup repository. This is an optional step and needs to performed only if you need to report of the older logs

Step 7

Import ise-https-admin CA certificates from your original Cisco ISE backup repository.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Go to solution
Jonatan Jonasson
Level 4
Level 4

‎08-11-2023 01:46 PM

This is also mentioned in the administrators guide
(https://www.cisco.com/c/en/us/td/docs/security/ise/3-2/admin_guide/b_ise_admin_3_2/b_ISE_admin_32_maintain_monitor.html)

The last line in the "Backup Data Type" section states:
"Cisco ISE, Release 3.2 supports restore from backups obtained from Release 2.7 and later."

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎08-13-2023 08:34 PM

Your best solution here might be to build a new 3.1 ise node in a lab, restore your 2.6 backup to it, validate the config, and then take a new 3.1 backup.

Next deploy a new 3.2 node in production or install 3.2 over your current secondary 2.6 node. Restore your 3.1 backup to it. 

Customers Also Viewed These Support Documents