exam 642-533

livenliven Member Posts: 918
Is the IPS module in an ASA 5520

the AIP-SSM

enough for this exam or is it necessary to get a 4000 series sensor?
encrypt the encryption, never mind my brain hurts.

Comments

  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    You could do the majority of the topics on the AIP-SSM, you would miss things like inline and VLAN pairs, and a few other minor topics but the majority of the exam focuses around tuning the sensor, signatures, using IDM and so on.
    The only easy day was yesterday!
  • livenliven Member Posts: 918
    Could the missing parts be accounted for with Rack rental?
    encrypt the encryption, never mind my brain hurts.
  • AhriakinAhriakin SupremeNetworkOverlord Member Posts: 1,799 ■■■■■■■■□□
    You can configure Inline operation, it's applying it via service-policies to the interfaces of the host ASA vs. physical interfaces on a 4K that'd be different in that regard but you can still configure preventative functions the same way as a full unit.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • livenliven Member Posts: 918
    Ahriakin wrote:
    You can configure Inline operation, it's applying it via service-policies to the interfaces of the host ASA vs. physical interfaces on a 4K that'd be different in that regard but you can still configure preventative functions the same way as a full unit.



    Yes that is what I am doing currently. Using the host ASA to divert traffic to the IPS.

    I am not having any issues getting the ASA side of things to work, but the IPS is just not as intuitive as I was hoping it would be...
    encrypt the encryption, never mind my brain hurts.
  • AhriakinAhriakin SupremeNetworkOverlord Member Posts: 1,799 ■■■■■■■■□□
    The IPS (4K or AIP) is probably the most 'alien' security device in Cisco's core appliance list, imho. Routers/PIX+ASA/VPN Concentrators all share a certain amount of similarity but the IPS is a whole different beast. I did the exam at the beginning of the year using rack time back then but now we finally have some ASAs+AIPs I'm trying to pick it back up again and it's a lot more challenging than any of the other devices I've worked with, still that's what makes it fun right ;).
    The Cisco Press exam guide is very dry and was one of the hardest for me to keep reading. I do recommend the CBTNuggets IPS Course though.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • livenliven Member Posts: 918
    YES, I totally agree....


    I do think it is a great device (IPS), just very different. And this is coming from a person who does IDS/IPS work (with other brands/open source) on a daily basis. The concepts and theory are not new to me. So its just trying to get the cisco stuff to do what I want it to....


    Yes it is fun, but that is why most of us are in this business. We love what we do.
    encrypt the encryption, never mind my brain hurts.
Sign In or Register to comment.