CCSP (CCIE - security) lab - what to buy?

Jul 20th, 2007


I'm on the CCSP from August, gonna buy a lab for this (used equipment).

But it is a bit confusing what to buy!

- How many routers/switches? What IOS and model do I need?

Are there any resources for this?

Best regards



RamyElSisy Sat, 07/21/2007 - 20:15

There is no recommended number of devices to build your home lab exam to prepare for your CCIE Security lab exam, but it depends on which technology you are trying to practice.

For example if you need to practice ASA technologies, you need 2 ASAs and 3 routers.

If you need to practice VPN technology, you need at most 4 Routers and VPN Conc.

If you need to practice IPS technologies, you need 1 IPS, 2 or 3 routers.

It means 4 routers and all the security devices will let you practice all exam technologies independently.

But when you need to practice all the technologies together (same like real lab environment) you need at least:

 6 routers, 4 of them must have 2 Fast Ethernet/Ethernet interfaces and WIC-2T or WIC-2A/S each (12.2.13T Enterprise or higher IOS)

 2 backbone routers to inject Backbone routes, and you can configure one of them to work as an FR switch (12.3T Enterprise or higher IOS)

 2 ASAs (7.x OS)

 1 PIX (7.x OS)

 1 IPS (5.x OS)

 1 Conc (4.7 OS)

 1 ACS, CA, Client machine

 5 DB60-SS Serial cables, 2 SS-SS Serial Cables, 30 UTP Ethernet cables, 4 UTP Cross over cables



Ramy Sisy

CCIE#17321 (Security), CCSI#30417, CCNP, C|EH, C|HFI, ISS-CA, MCSE, MCT

CCIE Security Content Manager/

Technical Instructor

Network Learning Inc - A Cisco Sponsored Organization (SO) YES! We accept Cisco Learning credits!

[email protected] (Cisco Training and Advanced Technology Rental Racks)

Toll Free: 877-NLI-CCIE (877-654-2243)

Outside USA: +1-702-968-5100

FAX: +1-702-446-8012


onatopp68 Sun, 07/22/2007 - 08:48


Thank you for taking the time to answer my questions, it is very kind of you!

This is my 8000$ (give & take) lab so far:

Security bit (without the 2 x ASAs):

1 Cisco VPN 3005 Concentrator (1100 $)

1 Cisco PIX-515-UR,128Mb, 4FE (1400 $)

1 Cisco IDS-4210 sensor (650 $)


2 Cisco Catalyst 3550 switch (2590 $)

Routers (so far):

1 Cisco 2509 16/16 (8 async) (access server) (185 $)

1 Cisco 2522 16/16 (10 port F.R. switch) (295 $)

--------------------------------------------- total = 6220 $ (Most of my 8K $ is almost gone by this)

Questions regarding lab:

- I can't afford the complete lab (because of the ASAs), so will I need 2 Catalyst 3550s for the rest, or can I manage with only one? (might need one Catalyst 2900 switch)

- Can I do with a cheaper PIX or VPN, or is this the minimum required?

Questions regarding exam numbers:

- What is the most preferred order to study the 5 CCSP exams?


Prices are from (which seems to be very helpful :-)

Best regards

Svein Martinussen (Norway)


RamyElSisy Sun, 07/22/2007 - 13:07

Hi Svein,

I recommend that you check Cisco's Partner E-learning connection for their labs to practice each technology for the CCSP, and after finishing your CCSP go for CCIE Written preparation, which does not need equipment.

Then for the lab preparation you can depend on remote labs, in your case it will be cost effective as you said that you will not afford ASAs which means you have to go for Remote labs to practice the whole scenarios for the lab exam, so I prefer to do it from the beginning. From my experience purchasing home lab and selling it after finishing is costing more money especially after adding 2 ASAs.

On the other hand, if you want to go in your direction, I think 1 2900 switch will be fine, the PIX can be restricted as you have only 1 so you do not care about Failover and not supported features over PIX as SSL VPN, mentioned routers are good to work as BB routers for the complete lab scenarios and support FR switch and TS. You need VPN Conc, and you can simulate IPS over a VMWare.

You need extra 2 routers and you can support almost all CCSP technology labs, do not bother about 2 FE interfaces as you only have 1 switch and you can support subinterfaces.

For CCSP exams, go for Cisco's exam order (SND, SNRS, SNPA, IPS, CSVPN)

I hope that it is clear.

Good Luck

