Here comes the audible

phoeneous

My original plan was to finish MCSE:2003 by April with 293, 294, and 297. However, several of my projects include various security audits and assessments of our infrastructure and 640-553 seems like it would be beneficial for me at this point. Given my experience I think I can knock this one out by the end of the year. I've got an okay lab for this and more than enough in cbt's. Anyway, just wanted to peek my head in and say hello.

peanutnoggin

Good luck... in your studies!

-Peanut

alan2308

Good luck!

phoeneous

No testing centers with availability on the 31st

I was kind of hoping to ring in the new year with style. Oh well, I'll just take it in January. More time for vpn lab work

powerfool

Well, I have decided to do the same, myself. I was going to do the Messaging specialization for the MCSE and then the MCITP: EMA 2010, but CCNA Security seems more appropriate. I want to also knock out the CCSP exams, including the ASA Advanced exam, before April so I can also clear the CCNP Security... so, the clock is ticking.

phoeneous

powerfool wrote: »

Well, I have decided to do the same, myself. I was going to do the Messaging specialization for the MCSE and then the MCITP: EMA 2010, but CCNA Security seems more appropriate. I want to also knock out the CCSP exams, including the ASA Advanced exam, before April so I can also clear the CCNP Security... so, the clock is ticking.

Yeah, my company is opening 6 offices next year, this exam and ccnp is exactly what I need. Best of luck.

[Deleted User]

I've got this one scheduled for the 4th of Jan. I've been going through the CBT Nuggets and reading Catherine Paquet's book. Both of them are great study resources.. I've been thinking about getting Chris Bryant's study guide but I think this may be enough for me to get the pass. I highly recommend the CBT Nuggets.. anything by Jeremy is gold and you're bound to learn something.

phoeneous

xmalachi wrote: »

I highly recommend the CBT Nuggets.. anything by Jeremy is gold and you're bound to learn something.

Agreed. Can't wait to watch the zbf material.

powerfool

I am currently reading the Cisco Press book and have access to the DoD training videos for the exam and the Skillport materials. I think I am going try and get that material completed in the next two weeks, and then do some lab work for about a week and then go for the exam.

phoeneous

powerfool wrote: »

DoD training videos

Are those available to the public?

phoeneous

Have to postpone the test until mid February

powerfool

phoeneous wrote: »

Are those available to the public?

They are available to civilian, military, and contractors that are with the DoD... need a .mil email address.

powerfool

phoeneous wrote: »

Have to postpone the test until mid February

I haven't been studying as much as I would like. I was hoping to have IINS and SNRS complete in January, but maybe I can still get IINS knocked out this month.

powerfool

I am beginning to feel a bit more comfortable with the material. I spent several hours reviewing Skillsoft CBTs over this past weekend. This biggest issue for me is that I have been out of heavy practice for the past year; at the beginning of last year, my company outsourced us and I used Cisco gear on a daily basis (mostly Cat 3750 switches and PIX/ASA). Since then, I have focused most heavily on network monitoring and analysis in a highly specialized environment. The basis of my recent experience has been limited to setting up SPANs, SNMP, and checking interface errors and VLAN settings.

In any event, I had nine years of pretty solid experience leading up to this. My goal is to be the Cisco Security SME for the organization, so I really need to step my game up. I am going to give myself a firm deadline of the end of the month. After that, I am jumping right into SNRS. I feel fairly comfortable with SNAF and SNAA, as most of my experience has been with PIX/ASA, and also using them to setup remote access and site-to-site VPNs. My biggest hurdle will be the IPS exam, because I have no practical knowledge of any IDS or IPS, although I understand how they work. There are some of Cisco IPS devices that I can use for a lab at work, but we don't use them in production anymore. In any event, I will save the IPS exam for last, and I may shoot for some training on it, so I can more easily knock it out.

phoeneous

powerfool wrote: »

...as most of my experience has been with PIX/ASA, and also using them to setup remote access and site-to-site VPNs.

Have you set up s2s vpn between asa and ios before? I need to do that this weekend for a new remote office. ios to ios is fairly easy for me, never tried asa to ios before. The asa is nat'd so I need to watch those deny statements for the vpn traffic.

powerfool

phoeneous wrote: »

Have you set up s2s vpn between asa and ios before? I need to do that this weekend for a new remote office. ios to ios is fairly easy for me, never tried asa to ios before. The asa is nat'd so I need to watch those deny statements for the vpn traffic.

I haven't, but I know it is possible. Cisco has some pretty good documents on this scenario, though. I have done PIX-to-PIX, PIX-to-VPN Concentrator, PIX-to-Sonicwall, ASA-to-PIX, and several where I have been unfamiliar with the other side of the tunnel.

There are very sophisticated rules that you can use for NAT, as well. I have had to create s2s tunnels where each network have overlapping IP address space, so you can use NAT rules to represent a network as another network address space. So, say both networks use 10.0.0.0/24, you can make your side represent your address space as 172.16.8.0/24, so proper routing can occur. I have done this in my own networks, as well, because I created a failover site where I didn't want the burden of changing IP addresses in addition to recovering operations, so I created a DMZ with the same address space as my production network, and then used NAT rules to represent it as a different network to my production network.