10-31-2013 01:58 PM - edited 03-11-2019 07:58 PM
Hello,
I'm looking to find out what devices are needed for a CCNP Security home lab. I keep hearing that 2 5510s are a must for labbing. The downside is that the prices average $800 each on the low end. I also saw some people had an IPS in their lab. I'm looking to find out what is 100% needed. I already have a lab in place used for my CCNP R&S.
Thanks
11-04-2013 01:14 AM
Well, to properly practice the lab, you will need 2 x 5510 and 1 x IPS. I won't bother with the IOS security as you most probably have that covered with your R&S setup.
When you say that they had IPS in their lab, what are you trying to find out? The IPS, ASA firewall, VPN and Secure (IOS) are all separate exams so you should only encounter the IPS when taking the IPS exam. It is possible that Cisco might put some small part of IPS into the Firewall exam but in this case it will not be very in-depth as that will be covered by the IPS exam.
11-04-2013 01:22 AM
I would also say that two ASAs are a must to practice with them. But in my opinion, 2 5505 SecPlus are enough. What are the differences to the 5510? You configure subinterfaces instead of vlan-interfaces. But that's something you know from R/S. And the failover is only stateless, but failover in general also works. So if you find these ASAs for less money, take them. IPS is probably the topic most CCNP Security students are least familiar with. So owning a sensor would also help.
And don't forget that the bigger CCIE-Training vendors have complete labs for rent with all you need for CCNP Sec preparation. That could also save some money.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
04-18-2017 08:51 AM
You don't need to spend that money on real equipment.
Just spend some hours on YouTube and the internet so you can learn how to configure it in GNS3.
I made it, and never bought any real equipment.
11-04-2013 02:43 AM
Hi,
I have not done even CCNA Security or CCNP Security (though I am in the process of going for CCNA Security when I get the time).
I am wondering, is there anything related to Multiple Context mode in the CCNP Security - Firewall? I would imagine that there is something and that would require you to have an ASA5510 model rather than ASA5505, which doesn't support Multiple Context mode at all. Then again I am not sure if Multiple Context mode plays a big enough role in the exam to have someone get more expensive gear. I guess in the ASA5510 case it would require an ASA5510 with Security Plus license also to support Multiple Context mode.
I am also wondering these things for when I eventually go for CCNP Security.
Though I am more/most worried about the IPS exam as I have never configured the ASA IPS module to this day.
- Jouni
11-04-2013 02:51 AM
I did not have any labs related to multiple context or active active failover. However it is good to get the hands on so you don't just have the theoretical experience but also practical too.
But having said that, you never know what you will encounter when doing the labs....even at the CCNP level.
@Jouni - I read somewhere that you can be awarded any written exam passed based on the VIP status...as of 2013 that is. Have you looked into that...or you want to go for the exam anyway?
11-04-2013 02:58 AM
Hi,
Have not heard about such a thing, at least. Kinda makes me wonder if you have actually read something about getting a free exam attempt, since that would seem more likely. Though I wouldn't decline such an opportunity.
I am not personally worried about the Multiple Context mode as I deal with it on a daily basis. I guess I might consider getting a pair of ASA5505 with Security Plus. Will have to see what my situation is. I might get most of the equipment from my employer but considering that our company is in the process of merging with a bigger ISP I am not quite sure what my role/situation is in the coming 6 months or so. Might even be that I have to look for another employer, who knows :/
- Jouni
11-04-2013 05:37 AM
@Jouni,
perhaps this is just for the Cisco learning network forum... but here it is
New for 2013, each VIP has the option of receiving a Cisco certification written exam voucher of their choice.
Look under the benefits section
https://learningnetwork.cisco.com/community/about?tab=cisco-designated-vips
Ah crap! just read through it again properly...*DOH! exam voucher... I really need to stop reading through articles so fast
11-04-2013 05:52 AM
Ah ****! just read through it again properly...*DOH! exam voucher... I really need to stop reading through articles so fast
And getting a certification without the test would violate any credibility of that examination. And Jouni has already passed the free written exam for being a VIP (while I still have to do my test ... )
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
11-04-2013 02:57 AM
Yes, multiple context-mode is on the exam but I question if it's worth the money to spend on because it's only a very small part of it. But for sure, that point is missing in the differences. And also the 5510 has to be SecPlus, not only because of contexts which are not supported in the Base license, but also for failover which is also missing in the Base-license.
And for IPS, it should be a module in the ASA or at least the 4240 sensor. The course and exam are mainly based on the appliance, but most of the stuff can also be practiced with the AIP-SSM.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
11-04-2013 05:47 AM
So would you say 2 5505s are enough to get through the CCNP exam, or most of it, etc.?
I'm thinking of buying 2 5505s and renting rack time with 2 5510s to complete things that the 5505 does not support.
Would that be something that works?
11-04-2013 05:54 AM
If you want to mix your own lab and a rented lab, then I would only buy one 5505 SecPlus and use that for some time (or even in general) as your main internet-gateway. Failover and contexts can then be practiced on the rented lab.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
03-27-2016 12:14 AM
Hi guys.
From what was already written I realize that 2x5510 + 1 IPS is a must.
And what about the quantity of routers and switches for a CCNP Security lab?
03-29-2016 05:33 AM
https://learningnetwork.cisco.com/community/certifications/ccnpsecurity/syllabus