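Trucido wrote: » I would go on a hunch here and say if you have N+ and S+ you should be set. Just a guess though.

wrfortiscue wrote: » Like Network+/Security+?

Kreken wrote: » Here is my advice on how to prepare, since you don't work with the equipment on a daily basis.

Download and set up GNS3. If you don't have Cisco SmartNets for ASA & routers, do some creative googling and look for ASA/router images. For ASA, I would recommend the 8.4 image and ASAv 9.6. Keep in mind ASAv limitations, like it doesn't support multicontext mode, etc. For IOS, look for C7200-ADVENTERPRISEK9-M v.15.2; this is the least buggy, with most of the features working on GNS3.

Once you have that set up, create simple network topologies.

1. R1---ASA---R2
Configure the ASA using the CLI to allow R1 to ping R2. Don't forget about routing on R1 & R2.

2. Same topology as 1; configure an IKEv1 site-to-site VPN between R1 and R2. Use loopbacks as source and destination. You will also need to make changes on the ASA to make this work.

3.
    ASA1---ASA2
       \   /
      switch
         |
         R1
Configure the ASAs in a failover cluster; ASA1 is primary. Up to you if you want to configure stateful failover or not. Once you set up a cluster, configure an IKEv2 site-to-site VPN between the ASA and R1. If you want, you can also run debugs on IKE and IPsec just to see what exactly happens during the tunnel creation. I would also read articles about IKE and IPsec. Know the difference between IKEv1 and v2.
Configuring Internet Key Exchange Version 2 (IKEv2) [Support] - Cisco Systems

4. On any ASA, configure a service policy to inspect FTP and reset the connection if a delete command is issued. Be able to explain the difference between active and passive mode FTP and the implication on the firewall.

Edit: Forgot to add. Know how the ASA routes traffic. Read the release notes for 9.2.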
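
Added example, not part of the thread and not Cisco's implementation: a simplified Python model of what an FTP-inspecting firewall has to read on the control channel (item 4 above), showing which side opens the data connection in active versus passive mode and where a DELE command would be caught. The function names, IP addresses and session lines are constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 field carried by PORT and by the 227 reply (RFC 959)
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def endpoint(text):
    """Return (ip, port) advertised in a PORT command or 227 reply, else None."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # The port is sent as two bytes: high * 256 + low
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def inspect_control(lines, client_ip, server_ip):
    """Walk (direction, text) control-channel lines; 'C' = client, 'S' = server.
    Returns (pinholes, blocked). A pinhole is
    (mode, initiator_ip, listener_ip, listener_port) for the data connection."""
    pinholes, blocked = [], []
    for direction, text in lines:
        verb = text.split(" ", 1)[0].upper()
        if direction == "C" and verb == "PORT":
            # Active mode: the SERVER connects back to the port the client names,
            # so without inspection that inbound connection has no matching rule.
            ep = endpoint(text)
            if ep:
                pinholes.append(("active", server_ip, ep[0], ep[1]))
        elif direction == "S" and verb == "227":
            # Passive mode: the CLIENT connects to the port the server names.
            ep = endpoint(text)
            if ep:
                pinholes.append(("passive", client_ip, ep[0], ep[1]))
        elif direction == "C" and verb == "DELE":
            # Command the lab exercise says should reset the connection.
            blocked.append(text)
    return pinholes, blocked

# Constructed sample session (hypothetical lab addresses)
SAMPLE = [
    ("C", "USER lab"),
    ("S", "331 Password required"),
    ("C", "PORT 10,1,1,10,195,80"),
    ("S", "200 PORT command successful"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (10,2,2,20,234,96)"),
    ("C", "DELE report.txt"),
]
```

Because the data port is negotiated inside the control channel, a firewall that does not inspect FTP needs a static rule covering the whole negotiable port range in whichever direction the data connection is opened.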
wrfortiscue wrote: » like network+/ security+?
Kreken wrote: » Here is my advice how to prepare since you don't work with the equipment on daily basis. Download and setup GNS3, if you don't have Cisco smartnets for ASA & routers, do a creative googling and look for ASA/router images. For ASA, I would recommend 8.4 image and ASAv 9.6. Keep in mind ASAv limitations like it doesn't support multicontext mode and etc. For IOS, look for C7200-ADVENTERPRISEK9-M v.15.2, this is the least buggy with most of the features working on GNS3. Once you have that setup, create simple network topologies. 1. R1---ASA---R2 Configure ASA using CLI to allow R1 ping R2. Don't forget about routing on R1 & R2. 2. Same topology as 1, configure ikev1 site to site VPN between R1 and R2. Use loopbacks as source and destination. You will also need to make changes on ASA to make this work. 3. ASA1---ASA2 \ / switch | R1 Configure ASAs in a failover cluster, ASA1 is primary. Up to you if you want to configure stateful failover or not. Once you setup a cluster, configure ikev2 site-to-site VPN between ASA and R1. If you want, you can also run debugs on ike and ipsec just to see what exactly happens during the tunnel creating. I would also read articles about IKE and IPsec. Know the difference between IKEv1 and v2.Configuring Internet Key Exchange Version 2 (IKEv2)* [Support] - Cisco Systems 4. On any ASA, configure a service policy to inspect FTP and reset connection if delete command is issued. Be able to explain the difference between active and passive mode FTP and implication on the firewall. Edit: Forgot to add. Know how ASA routes traffic. Read release notes for 9.2.