CCNP Security Lab Equipment Recommendation

SoondubuSoondubu Member Posts: 13 ■□□□□□□□□□
Hello all,

I'm ramping up pursue my CCNP:S and wanted some recommendations in terms of what to buy for routers. I've been looking at 2611XM series routers however my colleagues at work have suggested 2800's instead. I've listed what I have below and would appreciate any recommendations in terms of routers and even ASA's. Thanks!

2x 3550's (Layer3)
2x 3750G's
1x ASA5505

Comments

  • SoondubuSoondubu Member Posts: 13 ■□□□□□□□□□
    Also, I'd prefer to stay away from GNS3. I've found it to be useful for routing practice but not the best in terms of practicing within a production environment.
  • KrekenKreken Member Posts: 284
    Soondubu wrote: »
    Also, I'd prefer to stay away from GNS3. I've found it to be useful for routing practice but not the best in terms of practicing within a production environment.

    That is too bad as you can do quite a lot in GNS3 including ASA's and save yourself a lot of money. You also need IPS, either a module for ASA or IPS 4220. The only limitation of a module vs stand alone IPS, is that you can't practice VLAN pairs. I would change ASA5505 to 5510 as 5505 doesn't support any security contexts and high availability which you need to practice for FIREWALL exam.

    Another thing which I found very useful is IME Demo mode for studying for IPS exam.

    I have only Secure left to get CCNP:S and currently through half-way studying for it. Unless something is going to change drastically, I see no reason to have more than one switch in your lab. For CCNP R&S, it makes sense to get four. If you insist on having four switches, I would change one of them to 2950/60 as 3550 and 3750 are both L3.
  • SoondubuSoondubu Member Posts: 13 ■□□□□□□□□□
    Thanks for the tips! I've had my eye on a few 5510's via ebay but haven't pulled the trigger yet. The IPS module/standalone unit isn't something that I foresaw so many thanks. Also congrats on almost completing your CCNP:S. I picked up all the switches for CCNP R/S and voice. I've had them for some time and just need to buy routers and security hardware. Slowly but surely getting there!
  • bryguybryguy Member Posts: 190
    Kreken wrote: »
    That is too bad as you can do quite a lot in GNS3 including ASA's and save yourself a lot of money. You also need IPS, either a module for ASA or IPS 4220. The only limitation of a module vs stand alone IPS, is that you can't practice VLAN pairs. I would change ASA5505 to 5510 as 5505 doesn't support any security contexts and high availability which you need to practice for FIREWALL exam.

    Another thing which I found very useful is IME Demo mode for studying for IPS exam.

    I have only Secure left to get CCNP:S and currently through half-way studying for it. Unless something is going to change drastically, I see no reason to have more than one switch in your lab. For CCNP R&S, it makes sense to get four. If you insist on having four switches, I would change one of them to 2950/60 as 3550 and 3750 are both L3.


    Say, for the IPS exam, do you think the IME Demo is enough? Or would you recommend some rack time instead? Seems like the book focuses more on the IME and IDM than the CLI, with the exception of the initial setup function. Thanks, in advance.. apologies for hijacking the thread.
  • tokhsstokhss Member Posts: 473
    Thought 5505s did indeed do HA with the Sec+ lic. ?

    Licensed features for this platform:
    Maximum Physical Interfaces : 8
    VLANs : 20, DMZ Unrestricted
    Inside Hosts : Unlimited
    Failover : Active/Standby
    VPN-DES : Enabled
    VPN-3DES-AES : Enabled
    SSL VPN Peers : 2
    Total VPN Peers : 25
    Dual ISPs : Enabled
    VLAN Trunk Ports : 8
    Shared License : Disabled
    AnyConnect for Mobile : Disabled
    AnyConnect for Cisco VPN Phone : Disabled
    AnyConnect Essentials : Disabled
    Advanced Endpoint Assessment : Disabled
    UC Phone Proxy Sessions : 2
    Total UC Proxy Sessions : 2
    Botnet Traffic Filter : Disabled

    This platform has an ASA 5505 Security Plus license.
Sign In or Register to comment.