CCNA Security questions ( new exam? )

I passed my ICND2 about 2 weeks ago, so I'm officially CCNA cerified!

I currently hold an AAS in information security and also hold my Network+ and Security+ certifications, so I am definitely well educated/rounded in the security field. What is the newest exam number actually called... is it 640-554? If so, the newer one is the one i want to get certified in due to the time restraint witht he old one expiring.

I would like hands on lab equipment.. right now I own a:
2620XM Router
2610 Router
PIX 515
Two 2950 switches

I know I will need to get an ASA firewall. I really enjoyed Tom Lamlee's guides as well as CBT nuggets videos. The official cert books were also good.

So I'm thinking about picking up an ASA firewall, official 640-554 official cert guide or this bundle: CCNA Security 640-554 Official Cert Guide and LiveLessons Bundle: Keith Barker, Scott Morris: 9781587204265: Amazon.com: Books

and/or

Amazon.com: CCNA Security Lab Manual Version 1.1 (2nd Edition) (9781587133060): Cisco Networking Academy: Books

I always love lab manuals but never used one for Cisco as of yet... any feedback would be appreiciated.

So I guess my questions are:
What type of ASA firewall(Cheapest I can get away with)?
Study Materials (Lab manuals and cert guides)
Any tips from currently certifed CCNA Security indviduals
GNS3 usage?

Thanks a ton in advance..

Find more posts tagged with

Comments

SteveO86

You can use GNS3 to emulate ASA firewalls now.

For real equipment the cheapest would be an ASA 5505, this still go around 300 bucks. They will also lose some usefulness after your CCNA:S since they are not able to run security context.

wintermute000

I could get 5510s running in GNS3 but they were never stable esp. when running two.
re: security contexts, paying the considerable amount extra for 5510s over 5505s just to practice contexts and failover is a bit excessive. GNS3 is enough just to practice those features. Lets be hoenst they're not that complex a topic. ONce the sec context is up its just like a single firewall and you can treat it as such.

For the hard out constant tinkering you WILL need to comprehensively cover ASA (esp. the FIREWALL and VPN exams in CCNP-S... you really need to know the syntax/options inside out) I found GNS3 emulation to be too unstable and happily shelled out for a real 5505. In fact I got two to do VPNs but rapidly sold one of them off right away after passing LOL (one is left on my desk as a permanent fixture in my lab)

YFZblu

You can get the base model 5505 and have no issue during studying for the exam; however unless you plan to implement it at home, setup logging, etc. there is no reason not to do GNS3 instead.

Master Of Puppets

You can even get a 5520 running on GNS but it really isn't very stable.