CCNP Security Lab Equipment Recommendation
Soondubu
Member Posts: 13 ■□□□□□□□□□
Hello all,
I'm ramping up pursue my CCNP:S and wanted some recommendations in terms of what to buy for routers. I've been looking at 2611XM series routers however my colleagues at work have suggested 2800's instead. I've listed what I have below and would appreciate any recommendations in terms of routers and even ASA's. Thanks!
2x 3550's (Layer3)
2x 3750G's
1x ASA5505
I'm ramping up pursue my CCNP:S and wanted some recommendations in terms of what to buy for routers. I've been looking at 2611XM series routers however my colleagues at work have suggested 2800's instead. I've listed what I have below and would appreciate any recommendations in terms of routers and even ASA's. Thanks!
2x 3550's (Layer3)
2x 3750G's
1x ASA5505
Comments
-
Soondubu Member Posts: 13 ■□□□□□□□□□Also, I'd prefer to stay away from GNS3. I've found it to be useful for routing practice but not the best in terms of practicing within a production environment.
-
Kreken Member Posts: 284Also, I'd prefer to stay away from GNS3. I've found it to be useful for routing practice but not the best in terms of practicing within a production environment.
That is too bad as you can do quite a lot in GNS3 including ASA's and save yourself a lot of money. You also need IPS, either a module for ASA or IPS 4220. The only limitation of a module vs stand alone IPS, is that you can't practice VLAN pairs. I would change ASA5505 to 5510 as 5505 doesn't support any security contexts and high availability which you need to practice for FIREWALL exam.
Another thing which I found very useful is IME Demo mode for studying for IPS exam.
I have only Secure left to get CCNP:S and currently through half-way studying for it. Unless something is going to change drastically, I see no reason to have more than one switch in your lab. For CCNP R&S, it makes sense to get four. If you insist on having four switches, I would change one of them to 2950/60 as 3550 and 3750 are both L3. -
Soondubu Member Posts: 13 ■□□□□□□□□□Thanks for the tips! I've had my eye on a few 5510's via ebay but haven't pulled the trigger yet. The IPS module/standalone unit isn't something that I foresaw so many thanks. Also congrats on almost completing your CCNP:S. I picked up all the switches for CCNP R/S and voice. I've had them for some time and just need to buy routers and security hardware. Slowly but surely getting there!
-
bryguy Member Posts: 190That is too bad as you can do quite a lot in GNS3 including ASA's and save yourself a lot of money. You also need IPS, either a module for ASA or IPS 4220. The only limitation of a module vs stand alone IPS, is that you can't practice VLAN pairs. I would change ASA5505 to 5510 as 5505 doesn't support any security contexts and high availability which you need to practice for FIREWALL exam.
Another thing which I found very useful is IME Demo mode for studying for IPS exam.
I have only Secure left to get CCNP:S and currently through half-way studying for it. Unless something is going to change drastically, I see no reason to have more than one switch in your lab. For CCNP R&S, it makes sense to get four. If you insist on having four switches, I would change one of them to 2950/60 as 3550 and 3750 are both L3.
Say, for the IPS exam, do you think the IME Demo is enough? Or would you recommend some rack time instead? Seems like the book focuses more on the IME and IDM than the CLI, with the exception of the initial setup function. Thanks, in advance.. apologies for hijacking the thread. -
tokhss Member Posts: 473Thought 5505s did indeed do HA with the Sec+ lic. ?
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 20, DMZ Unrestricted
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
SSL VPN Peers : 2
Total VPN Peers : 25
Dual ISPs : Enabled
VLAN Trunk Ports : 8
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has an ASA 5505 Security Plus license.