CCNA Security Lab

kamado

Hi all,

Im looking at CCNA Sec for my next certification, i have a few bits and bobs at home to use as a lab, but wanted to know if i am missing anything major.

1801 router
3560 switch
501 Pix

I want to progress to CCSP after this, what should i be looking around for ? would another 1800 router be ok ? and add in a couple more switches ?

Cheers

ashed1

For the CCNA:Sec what you have is more than enough but for CCSP you'll need to source a few more things.

For the CCSP/IE security labs I have 4 x 1841s and a 2811 (all max ram/flash), an asa 5505 with a 3560 & 2960 for switches. This is the minimum to really get dmvpn and a lot of other labs scaled large enough to understand the security management principles and to get the most out of CA labs (the PSK stuff is just dead simple and you'll likely get hit with overlapping labs of PSK and CA in the real world as well as in the IE lab). You'll also want/need a vmware box to run mars/acs and ips appliance images that are floating about (its also possible to emulate higher end asa's but not everything works smoothly).

But backing up for a bit, what you have is plenty for CCNA:Sec. Hope that helps.

kamado

Thanks for that, i really want to get hold of gear that will also be useful for eventually heading towards CCSP and CCIE, but that will be a while away, nice to know i have whats needed at the moment.

Is a 2811 really needed ? howcome you invested in one rather than sticking with the 1800's. Could i just build everything up with 1800 series ?

Cheers

emsrescue

Hi Folks,

Hope you dont mind me hijacking this thread a wee bit instead of starting a new one.

I am thinking about doing the CCNA Security and have my old CCNA lab sat infront of me and wanted to know if it would be enough.

2x 1721 with 2x wic1t in each
1x 2610 with 2x wic1t
1x 2900 switch

The 1721's have SDM running on them and have IP ADSL FW IDS PLUS IPSEC 3DES 12.3 ios on them and the 2610 has 12.2 IP Standard as it doesnt have a lot of ram or flash.

Any thoughts on what to add to it?

Cheers

Jon

coffeeking

I am currently working on it myself. So far I have been through the nuggets and can tell that 2 1800s and a switch are well enough for CCNA:Sec. It barely touches anything on physical firewalls or IPS. CCNA:Sec hits you heavy on Zone based firewalls; something you can do with a router and a switch by crating multiple zones, and it hits you big on SDM, which should be easy to run. So far from what I understand, if you know your ins and outs of these 2 topics you are good to go. Moving further on to CCSP you will definitely need to add some stuff.

mikej412

You need IOS Version 12.4(9)T with at least the Advanced Security Feature Set.

Slowhand

mikej412 wrote: »

You need IOS Version 12.4(9)T with at least the Advanced Security Feature Set.

Ah, the 12.4(n)T series of the IOS. Version 12.4(26)T has been my special friend for the last few weeks as I set up a router from scratch, including SSL VPN and ZBF. Makes me wish I'd already done the CCNA Security, as I find myself plugging away at CBT Nuggets from the 642-504 exam in the CCSP track and it'd be nice to have more of a foundation with some of the firewall concepts before breaking. . . "configuring" our new router.

tiersten

Slowhand wrote: »

Version 12.4(26)T has been my special friend for the last few weeks as I set up a router from scratch

Huh? 12.4.24T is the latest tech train release.

StrikeZone

Is there a way to get the latest IOS without having a support contract?

Slowhand

StrikeZone wrote: »

Is there a way to get the latest IOS without having a support contract?

There is, but posting the method violates the rules of this forum, if you get my drift.

tiersten wrote: »

Huh? 12.4.24T is the latest tech train release.

That's absolutely correct, typo on my part.