ASA 5505 for study practice?

CCNP11CCNP11 Member Posts: 11 ■□□□□□□□□□
I've sadly had little to no exposure to ASA devices and I want to. I'm going for CCNP-Sec once I finish up CCDP which should be fairly soon.

Would the ASA 5505 be useful to study with? How different is it from enterprise versions? I would get it with the AIP SSC-5 to have as much functionality as possible but that's over a grand and I don't want to spend the cash if it really won't be something I can transfer to enterprise level ASA devices.....

Comments

  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I considered the IPS module for the 5505 as a CCNP:Security study aid. I have since decided I'll just do a rack rental to learn the IPS-in-an-ASA solution since most folks who run IPS typically will go with something like Sourcefire, McAfee, or HP TippingPoint. Cisco doesn't have a stellar rep in the IPS space.

    I think the 5505 is great for studies, however if you need to do failover, multimode, etc., you need a Security-Plus license and that gets expensive. The 5510, 5520, etc,. aren't too different until you get up to the big-boys which are geared for really large enterprises or service providers. All in all, I think the 5505 with a base license would be fine for learning purposes, but it's not like I've done any studying for the CCNP: Security either.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I also understand that you can run ASA code within GNS3, although I haven't had the time to try it successfully.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • instant000instant000 Member Posts: 1,745
    CCNP11 wrote: »
    I've sadly had little to no exposure to ASA devices and I want to. I'm going for CCNP-Sec once I finish up CCDP which should be fairly soon.

    Would the ASA 5505 be useful to study with? How different is it from enterprise versions? I would get it with the AIP SSC-5 to have as much functionality as possible but that's over a grand and I don't want to spend the cash if it really won't be something I can transfer to enterprise level ASA devices.....

    With what I've seen for rack rental rates, it might be less expensive to go there, if you can't get enough from an ASA with lower license, and/or you can't get enough with the emulated ASA.

    I'm going the emulated route.

    DISCLAIMER: I work with ASAs on a daily basis.
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
  • AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
    Either emulate or use 1 5505, it'll get you 95% (or so..) of what you need. Failover etc. is actually one of the easier functions to work with once you've done it a few times so buying a 2nd hardware unit for this is overkill imho. For it and IPS I definitely recommend using rack time instead.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
Sign In or Register to comment.