Wanted: Assistance with CCNP&CCIE:Sec topology ideas

nrkynrky Member Posts: 16
G'day all!

I recently breezed through my CCNA: Security and I've been trawling the internet for the past week or so, trying to map out suitable lab scenarios in preparation for getting lab experience before the OCGs are released for CCNP: Security that will also translate into suitable labs for CCIE: Security, though I'm not having much luck with either one!
I'd like to build up my CCNP lab to the point where it doesn't require much modification to be useful for my future CCIE studies. There's HEAPS of labbing guides for the CCNP/IE R&S track, but bugger-all for us security gurus. Natalie Timm's v4.0 labbing guide for the CCIE is starting to look like a good option, but at $100 for a *future* cert, it is hard to justify in the budget.

One thing I loved about studying for the CCNA: Security is that the labs were challenging and fun to plug 'extras' into my old CCNA: R&S labs (mixture of physical switches + virtualized 'new-ish' routers, because none of my gear can handle IOS 15.X). After reading through the entire OCG several times and watching Keith Barker's CBT Nuggets videos, it gave me a solid understanding of what techs to lab for. Without the OCG and a production environment for me to gain experience with at work at the NP level, I'm up a creek without a paddle.

At this stage, it's starting to look like these are some good options:
- 6-router multi-AS / multi-routing protocol infrastructure (bugger frame relay, it needs to die a horrible death, give me MPLS any day! I've already got the infrastructure for this, so no more purchases needed, I just do this bit for fun!)
- 2 or 3 backbone routers for traffic generation and route injection (still trying to figure out why IPExpert/INE/********* use these, what's wrong with a half-dozen VMs hooked up to sub-interfaces on a router?)
- ASAs to isolate each BB router
- a couple of IPS sensors
- ACS server
- ISE server

Throw in some DMVPN hubs and spokes, a few Win XP VMs using AnyConnect SSL clients to ASA, a little IPv6, and Bob's your uncle? Cisco equipment-wise, it feels like something's missing, but I can't figure out what it is, as I've gone over and over the exam topics but it looks as though this infrastructure would cover everything.
