ASA 5505 for study practice?

I've sadly had little to no exposure to ASA devices and I want to. I'm going for CCNP-Sec once I finish up CCDP which should be fairly soon.

Would the ASA 5505 be useful to study with? How different is it from enterprise versions? I would get it with the AIP SSC-5 to have as much functionality as possible but that's over a grand and I don't want to spend the cash if it really won't be something I can transfer to enterprise level ASA devices.....

Find more posts tagged with

Comments

docrice

I considered the IPS module for the 5505 as a CCNP:Security study aid. I have since decided I'll just do a rack rental to learn the IPS-in-an-ASA solution since most folks who run IPS typically will go with something like Sourcefire, McAfee, or HP TippingPoint. Cisco doesn't have a stellar rep in the IPS space.

I think the 5505 is great for studies, however if you need to do failover, multimode, etc., you need a Security-Plus license and that gets expensive. The 5510, 5520, etc,. aren't too different until you get up to the big-boys which are geared for really large enterprises or service providers. All in all, I think the 5505 with a base license would be fine for learning purposes, but it's not like I've done any studying for the CCNP: Security either.

docrice

I also understand that you can run ASA code within GNS3, although I haven't had the time to try it successfully.

instant000

CCNP11 wrote: »

I've sadly had little to no exposure to ASA devices and I want to. I'm going for CCNP-Sec once I finish up CCDP which should be fairly soon.

Would the ASA 5505 be useful to study with? How different is it from enterprise versions? I would get it with the AIP SSC-5 to have as much functionality as possible but that's over a grand and I don't want to spend the cash if it really won't be something I can transfer to enterprise level ASA devices.....

With what I've seen for rack rental rates, it might be less expensive to go there, if you can't get enough from an ASA with lower license, and/or you can't get enough with the emulated ASA.

I'm going the emulated route.

DISCLAIMER: I work with ASAs on a daily basis.

Ahriakin

Either emulate or use 1 5505, it'll get you 95% (or so..) of what you need. Failover etc. is actually one of the easier functions to work with once you've done it a few times so buying a 2nd hardware unit for this is overkill imho. For it and IPS I definitely recommend using rack time instead.