300-209 SIMOS Study Material

Hi

I have completed SENSS and are now planning to start the SIMOS course.. What kind of resources would you guys recommend in order to pass the test? I have access to the INE Video Course and as many Routers and Firewalls i need through my job.
As far as i can see there are now official books for the SIMOS course.. Is there any unofficial ones, and what about lab manuals and test questions.. Is there any site that provides these things?

Find more posts tagged with

Comments

mackenzae

hey nb -

I'm working on this now.. I just read up on the technologies on Ciscos sites using whitepapers -

FlexVPN/DMVPN/GETVPN

I also used CBT Nuggets videos. I'm still in the midst of studying myself and the best i can suggest on books are the old VPN 2.O OCG or there is this new one that just came out (I did not get it or read it so I cannot recommend it) but i wanted to make sure you were aware.

https://www.amazon.com/IKEv2-IPsec-Virtual-Private-Networks/dp/1587144603/ref=sr_1_1?ie=UTF8&qid=1475494181&sr=8-1&keywords=flexvpn%5C

It does seem like they want you to know how to configure more than just understand the concepts based on the blueprint. Also hope you have some Idea of how VPNs are built because FlexVPN could take a bit to wrap your head around if you are new to the whole VPN concept.

Hondabuff

We rolled out Flex VPN with Digital certs last year at my company and I have since deployed over 750 remote sites using the IKEv2 and VTI tunnels. I have been sitting in the starting blocks for the SIMOS book for over a year now and I'm going to take the exam next year to renew my CCNP. The CBT nuggets video was pretty good but there is a lot left out if you want to deploy it. It took 3 Engineers 6 months to get all the kinks worked out and you need real equipment running IOS 15.4 or higher or risk some strange bugs in the code. Setting up the CA server was a PITA and I feel like even after 1 whole year it is still confusing. I can do IPV4 VTI tunnels running IPsec in my sleep but IKEv2 was challenging to say the least. I have now just templated everything out but if you ask me to demo it off the top of my head I would struggle. The whole authorization policies and IKEv2 proposals are a challenge to remember the proper sequences and they have to be done in order. I just got permission to purchase the new IKEv2 book that was just released so I will be interested to see if there is anything we overlooked on best practices. The CBT nuggets, INE are the only 2 videos I could find, the IKev2 book and 2 pdf **** is the only material floating around. This is the first time I ever used a Brain **** to help find commands for virtual templates that we couldn't locate in the white papers from Cisco. I built my own VCE file based from white papers, TAC info and some of the random pdfs I found. Not sure what the delay is from Cisco on this one. ***Disclaimer*** Brain **** were used for recreation use only and were not intended to be used for exam taking purposes and are frowned upon in the Techexams community. I just hope the Cert guide isn't a dud like the new CCNA Security book was.

mbarrett

As mentioned there is the CBT Nuggets course (you can watch for free if you sign up for 7 days)
Also the Official book is on Amazon but not yet Safari
Also https://learningnetwork.cisco.com/community/certifications/ccnpsecurity/simos/study-material
You can get a premium subscription to that site for not very much money, it gives access to a lot of videos and study material.
You can also find some videos on the Cisco Live site, if you do some searches.
Also the study materials for the CCIE Security include some stuff that's related to the CCNP cert.

Hondabuff

Still not available on Amazon, You really got my hopes up on that one.

mbarrett

Hondabuff wrote: »

Still not available on Amazon, You really got my hopes up on that one.

Ah, ok I saw Amazon come up in Google search but I didn't drill into it - there is a listing for the book, dated 21 Sep 2016 for a hardcover copy but it's not in stock.

Hondabuff

The one practice exam I found I scored a 70% on 137 questions on the first go round. Some of the questions I have been deep in some TAC forums trying to find info on it. Some of the SSL VPN stuff is just hard to find details on it and a lot of decoding debugs.

nb-

Hondabuff wrote: »

The one practice exam I found I scored a 70% on 137 questions on the first go round. Some of the questions I have been deep in some TAC forums trying to find info on it. Some of the SSL VPN stuff is just hard to find details on it and a lot of decoding debugs.

Hi
Do you have a link for that practice examn?

Looks like its near impossible to pass these CCNP: Security exams without braindumps...

mbarrett

For what it's worth, IPExpert used to have a video that's probably still floating around.

Hondabuff

So I'm chugging along in the new IKEv2 book and finding a wealth of information in it. Really a great book so far for the SIMOS prep. I ended up on a side tangent and found a compatible IOS image for GNS3 that does IKEv2. "c7200-adventerprisek9-mz.152-4.S4.bin" This is really a game changer for me since I was doing everything in my lab at work that is cold and noisy.

JustFred

I was under the impression the book wasn't ready yet? Have they finished all the chapters?

Hondabuff

I'm working on the "IKEv2 IPsec Virtual Private Networks" book that was released last month. I'm about a third of the way through it and there is a wealth of knowledge I wish I new before we implemented flex vpn. A lot of it is landmines we stepped on while reviewing Cisco white papers and building our Templates. Here is aquick down and dirty config for GNS3 if your trying to learn IVEv2 and Flex. You must do them in order and delete in reverse order. It works like an AD tree. I'm currently labbing the CA Server and RSA certs and will post back once I have simplified the process and config.

Flex VPN using IKEv2 and Static VTI
!
crypto ikev2 proposal *MYPROP* ****Name it whatever****
encryption aes-cbc-256 aes-cbc-128
integrity sha512
group 20
!
************************************************************
crypto ikev2 policy *MYPOLICY1* Name it whatever
proposal MYPROP
!
************************************************************
crypto ikev2 keyring *K1* Name it whatever
peer *peer1* name it whatever
address *200.0.0.2* <--remote peer
identity address *200.0.0.2* <--remote peer
pre-shared-key *key1* Name it whatever
!
************************************************************
!
!
crypto ikev2 profile *P1* Name it whatever
match identity remote address *200.0.0.2 255.255.255.255* <--address of the remote peer
authentication remote pre-share
authentication local pre-share
keyring local K1
!
************************************************************
!
crypto ipsec transform-set *T1* esp-aes 256 esp-sha512-hmac
mode transport
!
************************************************************
crypto ipsec profile *P1*
set transform-set T1
set ikev2-profile P1
!
************************************************************
!
interface Tunnel0
ip unnumbered *LAN or LOOPBACK*
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source *wan interface*
tunnel mode ipsec ipv4
tunnel destination *100.0.0.2* <--remote peer
tunnel protection ipsec profile P1
!
*************************************************************
!
router ospf 100
network 10.80.0.0 0.0.0.255 area 0
no passive-interface Tunnel0

*************************************************************

mackenzae

I took this exam yesterday.. I missed it probably by a question or 2 (826/845 or something like that). labs were cake.. it was the trick multi choice answers.. there were times they used an answer of gre tunnel (and I didn't know if that was what they wanted even though its actually mgre for dmvpn - **** like this where its wrong but in cisco test terms.. maybe that was correct)

JustFred

Sorry to hear that. Good luck on the next try.

zmalik

hello, Mackenzae, please advise which material you used for exam.
Thanks,

mbarrett

https://learningnetwork.cisco.com/community/certifications/ccnpsecurity/simos/study-material

All the stuff marked "Premium Subscription" you have to pay for, last I looked was $60/6 months. Premium givers you access to a lot of stuff for all the CCNP / CCNA tests on all tracks.