exam 642-533

Is the IPS module in an ASA 5520

the AIP-SSM

enough for this exam or is it necessary to get a 4000 series sensor?

Find more posts tagged with

Comments

You could do the majority of the topics on the AIP-SSM, you would miss things like inline and VLAN pairs, and a few other minor topics but the majority of the exam focuses around tuning the sensor, signatures, using IDM and so on.

liven

Could the missing parts be accounted for with Rack rental?

Ahriakin

You can configure Inline operation, it's applying it via service-policies to the interfaces of the host ASA vs. physical interfaces on a 4K that'd be different in that regard but you can still configure preventative functions the same way as a full unit.

liven

Ahriakin wrote:

You can configure Inline operation, it's applying it via service-policies to the interfaces of the host ASA vs. physical interfaces on a 4K that'd be different in that regard but you can still configure preventative functions the same way as a full unit.

Yes that is what I am doing currently. Using the host ASA to divert traffic to the IPS.

I am not having any issues getting the ASA side of things to work, but the IPS is just not as intuitive as I was hoping it would be...

Ahriakin

The IPS (4K or AIP) is probably the most 'alien' security device in Cisco's core appliance list, imho. Routers/PIX+ASA/VPN Concentrators all share a certain amount of similarity but the IPS is a whole different beast. I did the exam at the beginning of the year using rack time back then but now we finally have some ASAs+AIPs I'm trying to pick it back up again and it's a lot more challenging than any of the other devices I've worked with, still that's what makes it fun right

.
The Cisco Press exam guide is very dry and was one of the hardest for me to keep reading. I do recommend the CBTNuggets IPS Course though.

liven

YES, I totally agree....

I do think it is a great device (IPS), just very different. And this is coming from a person who does IDS/IPS work (with other brands/open source) on a daily basis. The concepts and theory are not new to me. So its just trying to get the cisco stuff to do what I want it to....

Yes it is fun, but that is why most of us are in this business. We love what we do.