Question about CCNA Security path and how useful just the NA Sec is

ande0255

Wondering how heavily the CCNA Security covers ASA NAT'ing and VPN configuration, as that is my main interest in studying it at this time for my job role of setting up / troubleshooting specifically VPN's on ASA Firewalls.

Not really looking at going for the CCNP Security any time soon as I work more heavily on Routers and the UC Platforms, but wondering if the CCNA Sec has really benefited anyone in a similar situation, or if it's really just a hurdle to getting onto the CCNP Sec courses.

Thanks for any input!

RouteMyPacket

The only way a CCNA is going to be exceptional is based on your experience.

A CCNA/CCNA Security with 10yrs experience is much more valuable than a paper chasing CCNA/CCNA Security

In short, it depends. Sounds like to me, you are looking for the easiest route to something, what that something is only you know.

I know for a fact I wouldn't trust a "CCNA Security" with the design/implementation of Firewalls and VPN's for my Enterprise. Again, now if they were a solid experienced Engineer that just happens to only have a CCNA, well then it wouldn't really matter. Typically anyone at the CCNP levels have some years under their belt while CCNA's typically don't

Legacy User

Personally it has benefited me. I was in a similar situation had to upgrade our security to the ASA platform. I didn't know squat about it so I read up on it using the ccna security material and watched the videos as well. I haven't looked into the the study guide for the ccnp security vpn but I watched the videos on cbtnuggets. I'm not sure how deep the ccnp security materials go but the ccna security was enough for me to set mines up at work. I learned enough to do port forwarding, static nat, setting up vpn's with anyconnect, and setting up a site to site vpn. The exam itself was not any bit intensive you could prob pass it with your eyes closed.

ande0255

Thanks for the reply RMP! Right now I'm in a position where I'm working with ASA's doing VPN / NAT config / tshooting at my job, so I'm really more looking for a study resource to bring myself up to speed on that, as I have no prior experience at all (ever).

Seems like staying the course of working tickets and using internet resources for troubleshooting tutorials for all things ASA may be the way to go, wondering if anyone else feels the CCNA Sec really boosted their knowledge of working with ASA's in any solid way.

Thanks again for the responses

ande0255

Thanks dmarc, that's kind of what I'm looking for is whether this 640-554 version really gets into what you described, for some reason it seems like it is pretty heavy on CCP stuff which I work on the CLI 100% of the time.

Legacy User

The test is all about ccp but if you actually go through the study guides and videos it does go into asa configuration.

SecurityThroughObscurity

You would better read Firewall OCG (includes nat conf) and VPN OCG.
CCNA sec is more theoretical than practical.

RouteMyPacket

ande0255 wrote: »

Thanks for the reply RMP! Right now I'm in a position where I'm working with ASA's doing VPN / NAT config / tshooting at my job, so I'm really more looking for a study resource to bring myself up to speed on that, as I have no prior experience at all (ever).

Seems like staying the course of working tickets and using internet resources for troubleshooting tutorials for all things ASA may be the way to go, wondering if anyone else feels the CCNA Sec really boosted their knowledge of working with ASA's in any solid way.

Thanks again for the responses

No No No...don't get me wrong. You will learn while studying for CCNA Security, that is precisely what it is there for..certifications are SUPPLEMENTAL to your experience. I don't recall any real VPN reading at the NA level, saite to site maybe via CCP

CCNP will take you into depths that the CCNA could only dream of.

remote vpn (anyconnect)
site-to-site
lan-to-lan


It will also delve deeper into the options each technology bring you. Before I ever started
down the Security path certification wise I had implemented a handful of Cisco AnyConnect SSL VPN solutions. Through studying and labbing, I found that I really knew very little about what we can do with this technology. For instance, DAP, CSD, Clientless features, Double Authentication, HA scnearios


When you simply work in the field, you find yourself applying technologies and making them "work" but once you start studying in depth those technologies a whole new world is opened up to you and getting certified on top of that is icing on the cake. THIS is what the real Engineers do..they seek out more knowledge and begin to not only know a technology exists but how it functions inside and out.

razar

I had the same question as ande0255, I've started studying for ccie last month but I'm now thinking of taking a step back from that and working towards my ccna sec instead. Don't tfeel like I have the knowledge or experience to go hard at the ie yet so I think working towards the na sec is the better option for me.

I work a lot with asa's now so it probably makes more sense, I have the ccna sec videos from INE, does anyone know if these alone are enough to pass the exams or should I read the official study guides too?

ande0255

I was actually advised today by a network engineer at my shop to put my time into a professional level cert, like the CCNP R:S or VCP, as those two will more heavily weigh in on promotions and taking the next step up.

So now I'm back to the drawing board as to when my next move is after CCNA Voice. Thinking perhaps getting the CCNP R:S out of the way over the course of this year may not be a bad idea while getting myself up to speed on VMWare materials for the VCP.

Though it seems like every day it changes, there is so much stuff that applies to my job that would carry me up to that next level, it's hard to really determine what the correct next step is.