ASA, Vpn Con. and PIX

Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
My company deploys and supports many of these things. I was thinking about for my CCNA:S studies, picking up an ASA (I know this isn't tested but I just want one) and a VPN Appliance. Is this feasible for NA level studies? My company is moving to have everyone CCNA certified and the Tier 2s (me) to have CCNPs (they haven't said it yet but it is coming down the pipe) and Juniper certs. How much ASA/VPN configuration is on the current CCNP and would it be worthwhile to pick up this gear for that purpose?

Comments

  • mikej412 Member Posts: 10,086 ■■■■■■■■■■
    The old VPN Concentrators are end-of-life, so unless you're supporting existing customers with VPN Concentrators, I'd skip getting one and just stick with the ASA/ISR routers and configure VPNs on those.

    There is no ASA configuration on the current CCNP, and just a little Router/VPN configuration.
    Cisco Certifications -- Collect the Entire Set!
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    mikej412 wrote: »
    The old VPN Concentrators are end-of-life, so unless you're supporting existing customers with VPN Concentrators, I'd skip getting one and just stick with the ASA/ISR routers and configure VPNs on those.

    There is no ASA configuration on the current CCNP, and just a little Router/VPN configuration.

    So it probably isn't worth it. The ASAs are not cheap, but I sit next to a CCNP and when I become a CCNP I want to be a better CCNP than him so I was just looking for an edge.
  • shednik Member Posts: 2,005
    knwminus wrote: »
    So it probably isn't worth it. The ASAs are not cheap, but I sit next to a CCNP and when I become a CCNP I want to be a better CCNP than him so I was just looking for an edge.

    VPN Concentrators are terrible....run away I can't wait to retire mine at work. ASAs are awesome and they seem to keep adding all kinds of cool stuff to them. I'm just tired of finding bugs in code since I keep testing newer code :D
  • btowntech Member Posts: 198
    I have noticed quite a few jobs (entry to mid level network engineer) asking for ASA experience now, and decided to pick one up to start learning in my spare time. We don't use any of the Cisco ASA 5500 series where I work but it can't hurt to learn.

    The CCNA Security and CCNP (ISCW) are only going to test you on router based VPNs. If you want to pick one up and get a little extra knowledge, I would say go for it.

    Here is a book if you need one: Cisco ASA Configuration
    BS - Information Technology; AAS - Electro-Mechanical Engineering
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    shednik wrote: »
    VPN Concentrators are terrible....run away I can't wait to retire mine at work. ASAs are awesome and they seem to keep adding all kinds of cool stuff to them. I'm just tired of finding bugs in code since I keep testing newer code :D

    I found this out the fun way...and by fun way I mean losing an entire city's VPN tunnel(s) during peak hours. We had to kick that tunnel for hours in order for it to pop back up.

    To be perfectly honest I have no idea what they "do" (besides fail every other day) so I was going to get one to play around with it.
    btowntech wrote: »
    I have noticed quite a few jobs (entry to mid level network engineer) asking for ASA experience now, and decided to pick one up to start learning in my spare time. We don't use any of the Cisco ASA 5500 series where I work but it can't hurt to learn.

    I have noticed it in Tier III NOC jobs (mainly mine) so I think it would be cool to learn ASAs, and eventually do the ASA specialist (along with the CCSP).
    btowntech wrote: »

    The CCNA Security and CCNP (ISCW) are only going to test you on router based VPNs. If you want to pick one up and get a little extra knowledge, I would say go for it.

    Here is a book if you need one: Cisco ASA Configuration

    Are you reading/have you read that book? I usually don't get books without reviews. I was thinking about this one Amazon.com: Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance (9781587052095): Omar Santos, Jazib Frahim: Books
    or this one
    Amazon.com: Cisco ASA, PIX, and FWSM Firewall Handbook (2nd Edition) (9781587054570): David Hucaby: Books

    for my ASA studies.
  • broc Member Posts: 167
    knwminus wrote: »

    I highly recommend the second one from David Hucaby, that was my main source of study for the SNAF and SNAA. It's well written and covers just about everything except VPNs. I used the Cisco website for all the VPN stuff, there are loads of configuration guides which explain everything you need.

    The CCNP wasn't easy but believe me, the CCSP is another major step harder! Very interesting though and I think very "real world".

    Right, off for my IPS exam to see if I'll be a CCSP by the end of the day :D
    "Not everything that counts can be counted, and not everything that can be counted counts.”
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    broc wrote: »
    I highly recommend the second one from David Hucaby, that was my main source of study for the SNAF and SNAA. It's well written and covers just about everything except VPNs. I used the Cisco website for all the VPN stuff, there are loads of configuration guides which explain everything you need.

    The CCNP wasn't easy but believe me, the CCSP is another major step harder! Very interesting though and I think very "real world".

    Right, off for my IPS exam to see if I'll be a CCSP by the end of the day :D

    Very cool. How would you rate the difficulty of the ASA specialist exams?
  • broc Member Posts: 167
    knwminus wrote: »
    Very cool. How would you rate the difficulty of the ASA specialist exams?

    They are difficult exams, I was well prepared for the SNAF and I'm glad I was! You need to have a very good grasp on the theory AND know how to configure everything with the CLI and ASDM. I passed the SNAA a week later thinking it was going to be even harder but surprisingly, I found it to be very similar (some questions were almost the same) and actually easier.

    Spend some time learning all the types of NAT/PAT and why/when to use them!
    "Not everything that counts can be counted, and not everything that can be counted counts.”
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    broc wrote: »
    They are difficult exams, I was well prepared for the SNAF and I'm glad I was! You need to have a very good grasp on the theory AND know how to configure everything with the CLI and ASDM. I passed the SNAA a week later thinking it was going to be even harder but surprisingly, I found it to be very similar (some questions were almost the same) and actually easier.

    Spend some time learning all the types of NAT/PAT and why/when to use them!

    Did you think you needed NP level knowledge of networking before you did the ASA specialist?
  • broc Member Posts: 167
    knwminus wrote: »
    Did you think you needed NP level knowledge of networking before you did the ASA specialist?

    It's difficult to say, it certainly helped a lot but I wouldn't say it is necessary. CCNA level should be fine, you'll just have to work harder :)

    You need to master ACL, NAT and VPN, I would say that's the three key technologies for the ASA exams.
    "Not everything that counts can be counted, and not everything that can be counted counts.”
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    broc wrote: »
    It's difficult to say, it certainly helped a lot but I wouldn't say it is necessary. CCNA level should be fine, you'll just have to work harder :)
    I am willing to put in the work.
    broc wrote: »
    You need to master ACL, NAT and VPN, I would say that's the three key technologies for the ASA exams.

    I am thinking about maybe picking up an ASA (or 2) (if I can find 1 for cheap).

    At my current job, there are 5 CCIEs (1 Voice and the rest R/S), maybe 10 CCNPs, and only 1 CCSP. Since I want to move up from the NOC soon, it may be best to get the CCSP (and ASA specialist). My current job allows me to touch (more like very lightly poke) some ASAs but I would like to get into it a little more. My ultimate goals live in security so CCIE:S RHCSS/RHCA/SCNA/SCSECA and GCUX are on my 4-5 year goals list. I may throw in a firewall cert (CCSA/CCSE) or more Juniper certs but I am not too sure yet.
  • broc Member Posts: 167
    knwminus wrote: »
    I am willing to put in the work.

    I am thinking about maybe picking up an ASA (or 2) (if I can find 1 for cheap).

    At my current job, there are 5 CCIEs (1 Voice and the rest R/S), maybe 10 CCNPs, and only 1 CCSP. Since I want to move up from the NOC soon, it may be best to get the CCSP (and ASA specialist). My current job allows me to touch (more like very lightly poke) some ASAs but I would like to get into it a little more. My ultimate goals live in security so CCIE:S RHCSS/RHCA/SCNA/SCSECA and GCUX are on my 4-5 year goals list. I may throw in a firewall cert (CCSA/CCSE) or more Juniper certs but I am not too sure yet.

    Well that should keep you busy for the next few years :)

    I have quite a lot of equipment at home but no ASA as yet... they are a bit expensive and I simulated them on VMWare, a pain to set up but you can't beat the price :)
    "Not everything that counts can be counted, and not everything that can be counted counts.”
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    broc wrote: »
    Well that should keep you busy for the next few years :)

    I have quite a lot of equipment at home but no ASA as yet... they are a bit expensive and I simulated them on VMWare, a pain to set up but you can't beat the price :)

    You can sim an ASA on Vmware?
    Did NOT know that!
    So is it like GNS3 but for the ASA?
  • broc Member Posts: 167
    knwminus wrote: »
    You can sim an ASA on Vmware?
    Did NOT know that!
    So is it like GNS3 but for the ASA?

    Yep you can but it's a bit of a pain to set up and I didn't manage to make failover work between two units... Other than that, it's great!

    Have a look here:

    VMWare ASA AIO virtual Image | ASA Project

    Oh and the latest beta of GNS3 claims to be able to handle an ASA image too but I haven't tried it yet.
    "Not everything that counts can be counted, and not everything that can be counted counts.”
  • kalebksp Member Posts: 1,033 ■■■■■□□□□□
    broc wrote: »
    Oh and the latest beta of GNS3 claims to be able to handle an ASA image too but I haven't tried it yet.

    I tried, it's still a PITA. I got the ASA to boot but I couldn't get it to pass any traffic. I decided I was wasting too much time on it and gave up.
  • ilcram19-2 Banned Posts: 436
    Don't get an ASA, they suck. Get an ISR router.
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    ilcram19-2 wrote: »
    Don't get an ASA, they suck. Get an ISR router.

    Wouldn't that defeat the purpose of doing the ASA specialist?
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    I think I will pick up a 5505 (maybe 2 if I get some more money) and possibly a PIX just to play with. I am reviewing the CCIE reading list and more than likely, I will work on obtaining the majority of the books on that list.

    Since I want to go for the CCIE:S it may be best for me to model my lab after the CCIE blueprint (and virtualize anything and everything I can).
  • ilcram19-2 Banned Posts: 436
    knwminus wrote: »
    Wouldn't that defeat the purpose of doing the ASA specialist?

    Then do CCSP like I am; it involves a mix of them all: routing and switching security, ASA, IPS,
    and you can take your pick of a 4th exam. If you want to use ASA then go for ASA Advanced as your 4th test.

    I've found the ASA a little limited in comparison to an ISR. I mean, just on VPN technologies, the ISR does 3 more types of VPN than the ASA.

    ASA: IPsec VPN, Easy VPN
    ISR: IPsec VPN, Easy VPN, DMVPN, GRE/IPsec VPN, GETVPN

    To me they are more flexible, and once you find the wonders of zone-based firewall, oh man, that would be it for the ASAs. It really required more skill setting up a DMVPN than just a single VPN with the ASA, not to mention that you can do routing and QoS. You can tell that I really enjoy playing around with the routers, but I'll probably get an ASA for my CCSP studies.
  • Turgon Banned Posts: 6,308 ■■■■■■■■■□
    knwminus wrote: »
    My company deploys and supports many of these things. I was thinking about for my CCNA:S studies, picking up an ASA (I know this isn't tested but I just want one) and a VPN Appliance. Is this feasible for NA level studies? My company is moving to have everyone CCNA certified and the Tier 2s (me) to have CCNPs (they haven't said it yet but it is coming down the pipe) and Juniper certs. How much ASA/VPN configuration is on the current CCNP and would it be worthwhile to pick up this gear for that purpose?

    No 1 requirement I have seen in jobs of late is PIX/ASA. No 2 is Voice. No 3 is Juniper.

    I might add that No 0 is current experience doing exactly what the job involves but that's the market for you.

    Definitely play with PIX or ASA !