CCNA/CCSP Security

GhaleonGhaleon Registered Users Posts: 2 ■□□□□□□□□□
All,

My company has just allocated me a generous budget ($7000) for training. I recently earned my CCNA with self study and I want to put this money towards the CCNP security track, which will require that I first get CCNA Security.

What would be the best way to use this money if I want to REALLY learn the material? I like the idea of a bootcamp, and I learn well in classroom settings, but my concern is that anything that I can learn in a week I can probably forget in a month.

Should I buy books and software? Build a lab? Find a Cisco Network Academy? I'm not looking to do this as fast as possible, but to do it right and to use my company's money in a meaningful way.

For the CCNA I used Boson, packet tracer, and GNS3. I still have access to all three.

Thanks for your time.

Comments

  • CiderCider Member Posts: 88 ■■□□□□□□□□
    Are you allowed to drop some money on actual hardware you can use at work/home?
  • GhaleonGhaleon Registered Users Posts: 2 ■□□□□□□□□□
    Yes, I'll just need to return if/when I leave the company.
  • --chris----chris-- Member Posts: 1,518 ■■■■■□□□□□
    You have to do CCNA:S before CCNP:S ?
  • OfWolfAndManOfWolfAndMan Member Posts: 923 ■■■■□□□□□□
    For CCNA Security, you will need only GNS3 with a copy of Cisco Configuration Professional (It's free for the limited version). In GNS3, you will need to make a cloud with a loopback interface using a windows loopback on your desktop (Assuming you're using windows). I have a explanation of the setup with complete notes on the cert if you want it.

    As for CCNP Security, you'll obviously need a Cisco ASA. You can also set it up in GNS3, assuming you have an image and license. Or you can buy one, but the GNS3 version doesn't seem to have any issues from what I've observed. You'll also need to manage it with ASDM, which can be done in GNS3 as well, but I'm still working on getting that working. Make sure you know how to run a packet capture in GNS3. You'll need to setup various VPN types, but you can do that in the router or ASA. Lastly (And the most difficult), for SISAS, it is all Cisco Identity Service Engine. It is basically a combination of Cisco ACS and Cisco NAC with a few additional features which only supports RADIUS (TACACS+ support is not present from last I heard). You can get an evaluation for 100 users (Don't think a lab would need that many lol) for a 90 day period. Advanced package has more features obviously including posturing (Basically means the supplicant, or end device, has to comply with certain software requirements such as an up to date AV database to be allowed access), Security Group Access functionality and profiling. ISE is a very complex beast to say the least, but to get it working in a lab environment, you'll need to run it in VMware (Haven't heard of anyone successfully run it in Virtualbox). Make sure your computer hardware is top notch, because ISE in a virtualized environment is a resource hog (Check the site for system requirements) As for setting it up in a virtual environment to integrate with GNS3, I am still working to get this working.
    :study:Reading: Lab Books, Ansible Documentation, Python Cookbook 2018 Goals: More Ansible/Python work for Automation, IPSpace Automation Course [X], Build Jenkins Framework for Network Automation []
Sign In or Register to comment.