Purchasing an ASA for the CCNA:Security

veritas_libertas · May 2013

Is there a particular model that I should be looking for when purchasing an ASA 5505?

SecurityThroughObscurity · May 2013

there is no need real asa for exam.

veritas_libertas · May 2013

That's not what I'm asking. I want to know what is suggested.

According to the CCNA Security 640-554 Exam Topics it does indeed include ASA configuration:

I realize I could just use GNS3, but I want the actual hardware.

dover · May 2013

Veritas,

I bought a (new) 5505 (base license) while doing the CCNP Security track and I don't regret it at all. It was kind of pricey, but since I got the Smartnet contract I was able to download what I needed from Cisco.com - like additional plug-ins for the SSL VPN portal page, Anyconnect client packages, etc.

I'm glad they expanded the CCNA Sec to include the ASA...I think you'll enjoy it! For the CCNA Sec, the basic 5505 should be fine. When you get to the CCNP Sec material you'll definitely need higher models, but you can go the GNS3 route or rack-rental.

Good luck!

Dover

Bundiman · May 2013

The only thing to remember is that the 5505 is switch based and all other ASAs are interface based. Other then the interfaces they are configured the same.

veritas_libertas · May 2013

Dover,

I haven't been able to get a clear answer from a Google search, does GNS3 run the 5510 image? I assume I would need some 5510s to do the CCNP Security track?

Bundiman · May 2013

yes you can find it out there you just have to look

RouteMyPacket · May 2013

CCNA - 5505 should suffice

CCNP, CCIE - Dual 5510 w/ Security Plus (multiple contexts, failover etc)

When it comes to Security, i'm racking DUAL 5510's in my lab. It's far from cheap and while I have configured an ASA in GNS3, i'm not sure how stable it would be overall when it got time to really dig deep into labbing with it.

YFZblu · May 2013

I used the base model and license for my CCNA: Sec studies, it worked fine.

wintermute000 · May 2013

For CCNP I'd still say 5505s are fine. I spun up unstable ASAs in GNS3 to practice multi context/failover. For the rest of it 5505s are fine. (then again I have done multi context and failover before in real life).

CCIE of course you'll need the real thing w/ multi context and failover.

RouteMyPacket · May 2013

I've now got my first 5510 w/ Security Plus racked in now.

veritas_libertas · May 2013

I went ahead and picked up a 5505 for less than $300 + free shipping. Nice deal.

dover · May 2013

Veritas,

You can do the lion's share of the CCNP Firewall and VPN stuff on your 5505 PLUS you get real hands on experience. One way I learned was to wipe the 5505 to factory configs at the end of every day. I'd come in the next day and rebuild a config - one day with CLI, the next with the ASDM - really makes it stick when you've got to configure it before you can get to work/Internet

I believe GNS3 is emulating 5520's. They are buggy for certain things and they are CPU & RAM intensive - particularly if you are running a couple of XP/7 workstation VMs along with an ACS server and some routers.

If you've got the funds, 5510's w/Sec plus is definitely the way to go. I'm jealous of RouteMyPacket's 2 x 5510's. I'm probably not going to end up going for CCIE Security mainly because of the cost involved in doing it right - unless I switch jobs to a Cisco partner, not likely.

Good luck with the CCNA: S

veritas_libertas · May 2013

@Dover: Thanks for the advice. Depending on how things go I would like eventually go down the CCNP:Security path.

ajmatson · May 2013

You wont regret, I used a Physical ASA 5505 for the CCNA Security as well and it was more than enough. For the CCNP Security I am using Virtual ASA 5520's in GNS 3 and so far have worked fine but I don't regret having the Physical ASA 5505 to really have that hands on feel.

wintermute000 · May 2013

You only need real 5510s for failover and virtual contexts. Both can be easily practiced in GNS3 where the flakiness doesn't matter. I had no issues with CCNP Sec using that approach (real 5505s for 95% of it, GNS3 for failover/virtual context).

heikis · June 2013

im in a dilemma:
buy a used ASA5510-BUN-K9 for USD 460
or buy an ASA5505-SEC-BUN-K9 for USD 230

It will be mostly used for self-study purposes. I dont mind paying the price for asa5510- but does the price seem fair?
if you say it's a bargain i probably would grab it.

Ivanjam · June 2013

$460 is a great deal for a working 5510 and I wouldn't pay more than $200 for a used 5505.

heikis · June 2013

well i managed negotiate the price and got the asa5510 for $420.

MickQ · June 2013

Very nice. I didn't bother getting an ASA for the CCNA:S because I've a couple of base 5520s at work.

I found that even with my limited use of them, that was more than enough for the exam on that side of things.

spiderjericho · June 2013

I was just looking on the Bay and $420 is a great deal on a 5510.

i want to pursue the CCNP Security, I just don't want to plink down $1,500-$2,000 for the 5510 and will probably just use old GNS3.

Purchasing an ASA for the CCNA:Security

Comments