Explore Cisco
How to Buy

Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Migrating from Cisco Secure ACS to Cisco ISE

At a Glance

Available Languages

Download Options

  • PDF
    (77.0 KB)
    View with Adobe Reader on a variety of devices
Updated:March 5, 2020

Available Languages

Download Options

  • PDF
    (77.0 KB)
    View with Adobe Reader on a variety of devices
Updated:March 5, 2020

Why Migrate to the Cisco Identity Services Engine (ISE)?

The Cisco® Secure Access Control System (ACS) has been a popular choice for highly secure network access control and network device administration for over 15 years. However, enterprises are recognizing that they need more. Now is the time to migrate to Cisco Identity Services Engine (ISE), which provides not only the features of Cisco ACS but also many more advanced security and mobility capabilities.

Cisco ISE is the market-leading security policy management platform. It unifies and automates access control to proactively enforce role-based access to enterprise networks and resources. It doesn’t matter whether a user connects over a wired or wireless network or a VPN. Cisco ISE delivers superior user and device visibility to provide streamlined mobility experiences. It shares vital contextual data with integrated technology partner solutions to accelerate their ability to identify, mitigate, and remediate threats.

The platform combines authentication, authorization, posture assessment, profiling, and guest management services in a unified appliance. A single management console for configuring and administering services gives you consistency and simplified administration. Less hardware is required because multiple services can now run on a single node.

End-of-Sale and End-of-Life Announcement for the Cisco Secure Access Control System

NOTE: The Cisco ACS is no longer being sold after August 30, 2017 and might not be supported. View the End-of-Life Notice to learn:

     End-of-sale and end-of-life dates

     What replacement products are available

     Information about product support

Protecting Your Cisco Investment

The move from Cisco Secure ACS to Cisco ISE is easy and cost efficient. Cisco ISE runs on the same Secure Network Server (SNS) hardware platform as the Cisco Secure ACS. Migrate easily with existing Cisco SNS 3515 and 3595 hardware. The Cisco ISE software is also supported on VMware.

Cisco Secure ACS capabilities are available in the base software version of Cisco ISE, which now includes most TACACS+-based network device administration features.

All Cisco Secure ACS customers with device administration deployments can migrate to the latest Cisco ISE software release.

Migration Tools and Cisco Services

Cisco ISE comes with a tool to help customers migrate from Cisco Secure ACS 5.5 or later to Cisco ISE Software 2.X. The tool will automatically migrate Cisco Secure ACS configuration data (such as user and device information and policy) to Cisco ISE, but it will not migrate monitoring and troubleshooting data.

Cisco Secure ACS customers who have deployed the Cisco Network Admission Control (NAC) Guest Server and NAC Profiler will need to manually migrate guest and profiler configuration policies.

Migration tools from Cisco Secure ACS 5.x to Cisco ISE are built into the

Cisco ISE Software Release Software Application Support and Upgrades (SASU) contract except for monitoring and troubleshooting. There is also a standalone version of the tool available.

Migration Benefits

     Migrate Now for Less! Existing ACS customers can enjoy major discounts off Cisco ISE hardware and software license bundles. Take advantage of this limited time promotion. Download the Cisco ISE Ordering Guide and contact your Cisco sales or Partner representative to learn more.

     Eliminate complexity and management time with unified policy management: Stop managing multiple administrative consoles. Cisco ISE provides a single console where authentication, authorization, posture, guest, and profiling policies can be created and managed.

     Discover, identify, and monitor all IP-enabled endpoints: IT teams gain complete visibility of both user devices and other devices, such as printers and sensors, on the corporate network.

     Build richer contextual policies: Cisco ISE builds richer contextual policies that can be enforced centrally across the network. You can track all users and devices connected to the network using Cisco ISE as a single source of information for connected user and device identity and location as well as endpoint health.

     Enforce dynamic access control: Cisco ISE combines authentication, authorization, and accounting (AAA), posture, profiling, and guest management capabilities in a single appliance to enforce dynamic access control. Cisco ISE can be deployed across the enterprise infrastructure for wired, wireless, and VPN networks.

Next Steps

For more information on Cisco ISE, please visit http://www.cisco.com/go/ise. Additional resources for migrating can be found at the ACS to ISE Migration how-to page

How to buy

To view buying options and speak with a Cisco sales representative, visit www.cisco.com/c/en/us/buy


















Learn more