Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
187
Views
0
Helpful
7
Replies

ISE policies from 2.0 to 2.6

asmlicense
Level 1
Level 1

‎04-29-2024 10:42 PM

Dears,

we need help with rehosting policies from ISE 2.0 to ISE 2.6.

The problem is that on 2.0 version disk usage already 95% so we can't take 'configuration backup'. The only backup we can get is 'operational backup' and it is in xml format. BUT as I know it is not possible to import xml file to SE 2.6 version.

The other solution is to backup operational backup via repository from CLI on 2.0 version (restore <restore_filename> repository <repository_name> encryption-key plain <key>) and then restore it with CLI on 2.6 version (backup <restore_filename> repository <repository_name> encryption-key plain <key>). BUT there is not any policy after restoring process.

By policies I mean authentication and authorization policies, authorization profiles, AD connector, network devices and so on.

What I'm doing wrong ? Or maybe I need configuration backup and I will not be able to restore needed policies with operational backup ?

0 Helpful
7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

‎04-30-2024 12:11 AM

Try clear the ISE disk space removing any old Logs ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

asmlicense
Level 1
Level 1
In response to balaji.bandi

‎04-30-2024 12:24 AM

Yes, we already:

1. config local storage for logs to 1 day.

2. reset M&T database

 

Now I wrote to tac in order they send me root patch and root key. Also I want to:

1. purge M&T operational data

2. reset M&T session database

 

0 Helpful

asmlicense
Level 1
Level 1
In response to ahollifield

‎04-30-2024 06:37 AM

yes, you are right.

I can't create tac, and also Cisco support team refuse to assist with root patch because of end-of-support, but it's ok, I understand that they don't have to help us.

but they help with rehosting licenses from 2.0 to 2.6

0 Helpful

ahollifield
VIP
VIP
In response to asmlicense

‎04-30-2024 06:51 AM

Time to upgrade to 3.2 or 3.3. Why continue on 2.6?
0 Helpful

asmlicense
Level 1
Level 1
In response to ahollifield

‎04-30-2024 07:12 AM

I would like to upgrade to 3.2 with great pleasure but it is not so easy to do, because of budget, permissions from management side, etc. so I have to up 2.6 version in order to get 90 days (trial version) in order to start tender for 3.2 version.

0 Helpful

ahollifield
VIP
VIP
In response to asmlicense

‎04-30-2024 07:23 AM

Maybe it would help from a management and budget prospective to bring up the MANY security vulnerabilities present in ISE 2.0 and 2.6?
0 Helpful
Customers Also Viewed These Support Documents