CCNP Exam Order

sendalot Posts: 328 Member
I'm on the CCNP Security journey.

So since we have 4 exams on CCNP Security, what is the order to take them?
I want to do the easiest first.

I hear FIREWALL is the easiest? Then VPN, IPS, and SECURE?

I've heard SECURE is worsened by a poorly written OCG?

Thanks.

Comments

  • alan2308 (CISSP, MCSA 2008, MCSA 2012, CCNA R&S, CCNA Security; Ann Arbor, MI) Posts: 1,854 Member
    In another thread, I was recommended FIREWALL, VPN, SECURE, IPS.
  • sendalot Posts: 328 Member
    alan2308 wrote: »
    In another thread, I was recommended FIREWALL, VPN, SECURE, IPS.
    So we all agree, FIREWALL is the 1st?
  • theodoxa Posts: 1,340 Member
    I haven't taken any exams yet (finishing up my CCNA: Security), but I would probably do IPS last since I have never worked with an IPS. I've worked with all the other technologies (ASA, ZBFW, NAT, VPN).
    R&S: CCENT CCNA CCNP CCIE [ ]
    Security: CCNA [ ]
    Virtualization: VCA-DCV [ ]
  • RouteMyPacket Posts: 1,104 Member
    It depends, how much experience do you have with ASA's, VPN's, IPS's and dot1x?

    I would recommend FIREWALL->SECURE->VPN->IPS and going SECURE->FIREWALL->VPN->IPS would be even better

    SECURE was a beast of an exam, if I hadn't worked with ISE/dot1x over the last couple of years it would have been even more intense. SECURE will cover dot1x, DMVPN, GRE, IPsec and various other awesome topics.
    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the
    middle of the night because of a network problem and had to figure out the
    traffic flows in your network while you were half asleep, could you do it?
  • sendalot Posts: 328 Member
    Lots of ASA & VPN. But none of IPS & Dot1x.
    I'll think about other things after passing FIREWALL first.
  • SteveO86 Posts: 1,423 Member
    Then I'd tackle those two first. Since you are most familiar with them. (ASA/VPN)

    After that I'd go for whichever one you are more excited about. IPS & SECURE are completely different (with the exception of IOS IPS but that could be a good primer for IPS?)

    I knocked out FIREWALL a long time ago, and really need to buckle down and finish off my CCNP:Sec.. Thinking I might tackle IPS mid-Jan. After all I've had a decent amount of IPS/VPN/ASA work these last two months.
    My Networking blog
    Latest blog post: Let's review EIGRP Named Mode
    Currently Studying: CCNP: Wireless - IUWMS
  • sendalot Posts: 328 Member
    Could you explain which equipment you have used? If ASA, the model and the license you have for it?
    (That helped you pass FIREWALL, of course).
    Thanks.
  • SteveO86 Posts: 1,423 Member
    To lab all the objectives you'll need at least a 5510 with a security plus license.

    A 5505 with security plus only goes so far since it can't do contexts on 5505. I believe you can use GNS3 to run the ASA's nowadays. So you might not have to buy actual hardware. 5505's/5510's are still pretty expensive on eBay 300/400+.

    I've had to deal with ASA's for years so I didn't spend a huge amount of time labbing.
  • wintermute000 Posts: 172 Banned
    The only thing that a 5505 can't do is contexts / HA and you can simulate enough ASA5520 in GNS3 to do it. Google around.
    I found GNS3 flaky, but all I used it for was contexts and HA. 5505 did the rest and frankly you can pass easily even with just 'theoretical' knowledge of contexts (TBH I've forgotten it already, not having done much ASA work since!!! Sure it will come back pretty quick if I glance the doco).
  • theodoxa Posts: 1,340 Member
    SteveO86 wrote: »
    To lab all the objectives you'll need at least a 5510 with a security plus license.

    A 5505 with security plus only goes so far since it can't do contexts on 5505. I believe you can use GNS3 to run the ASA's nowadays. So you might not have to buy actual hardware. 5505's/5510's are still pretty expensive on eBay 300/400+.

    I've had to deal with ASA's for years so I didn't spend a huge amount of time labbing.

    I bought my personal 5505 on Amazon for not that much more than what they sell for on eBay. It came brand new sealed in the box with all the original cables, documentation, and software (ASA OS, ASDM, VPN Client, Anyconnect Client, etc...)
  • theodoxa Posts: 1,340 Member
    The only thing that a 5505 can't do is contexts / HA and you can simulate enough ASA5520 in GNS3 to do it. Google around.
    I found GNS3 flaky, but all I used it for was contexts and HA. 5505 did the rest and frankly you can pass easily even with just 'theoretical' knowledge of contexts (TBH I've forgotten it already, not having done much ASA work since!!! Sure it will come back pretty quick if I glance the doco).

    Is there a tutorial somewhere as to how to set a 5520 up in GNS3? I tried [using one of the ASA bin files], but it also wants [in addition to the kernel - I assume this is the .bin file] the location of an initrd file (Linux???) that I have no idea where to get.