
What Equipment is Needed for CCNP Security Lab

jeff_jones
Level 1

Hello,

I'm looking to find out what devices are needed for a CCNP Security home lab. I keep hearing that 2 5510's are a must for labbing. The downside is the prices, avg $800 each on the low end. I also saw some people had an IPS in their lab. I'm looking to find out what is 100% needed. I already have a lab in place used for my CCNP R&S.

Thanks                  

Accepted Solutions

Well, to properly practice the lab, you will need 2 x 5510 and 1 x IPS. I won't bother with the IOS security as you most probably have that covered with your R&S setup.

When you say that they had IPS in their lab, what are you trying to find out? The IPS, ASA firewall, VPN and Secure (IOS) are all separate exams so you should only encounter the IPS when taking the IPS exam. It is possible that Cisco might put some small part of IPS into the Firewall exam but in this case it will not be very in-depth as that will be covered by the IPS exam.

--
Please remember to select a correct answer and rate helpful posts


I would also say that two ASAs are a must to practice with them. But in my opinion, 2 5505 SecPlus are enough. What are the differences to the 5510? You configure subinterfaces instead of vlan-interfaces. But that's something you know from R/S. And the failover is only stateless, but failover in general also works. So if you find these ASAs for less money, take them. IPS is probably the topic that most CCNP Security students are least familiar with. So owning a sensor would also help.

And don't forget that the bigger CCIE-Training vendors have complete labs for rent with all you need for CCNP Sec preparation. That could also save some money.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


13 Replies

You don't need to spend that money on real equipment.

Just spend some hours on YouTube and the internet so you can learn how to configure it in GNS3.

I made it, and never bought any real equipment.

Hi,

I have not even done CCNA Security or CCNP Security (though I am in the process of going for CCNA Security when I get the time).

I am wondering, is there anything related to Multiple Context mode in the CCNP Security - Firewall? I would imagine that there is something and that would require you to have an ASA5510 model rather than ASA5505, which doesn't support Multiple Context mode at all. Then again I am not sure if Multiple Context mode plays a big enough role in the exam to have someone get more expensive gear. I guess in the ASA5510 case it would require an ASA5510 with Security Plus license also to support Multiple Context mode.

I am also wondering these things for when I eventually go for CCNP Security.

Though I am more/most worried about the IPS exam as I have never configured the ASA IPS module to this day.

- Jouni

I did not have any labs related to multiple context or active active failover.  However it is good to get the hands on so you don't just have the theoretical experience but also practical too.

But having said that, you never know what you will encounter when doing the labs....even at the CCNP level.

@Jouni - I read somewhere that you can be awarded any written exam passed based on the VIP status...as of 2013 that is.  Have you looked into that...or you want to go for the exam anyway?

--
Please remember to select a correct answer and rate helpful posts

Hi,

Have not heard about such a thing, at least. Kinda makes me wonder if you have actually read something about getting a free exam attempt since that would seem more likely. Though I wouldn't decline such an opportunity.

I am not personally worried about the Multiple Context mode as I deal with it on a daily basis. I guess I might consider getting a pair of ASA5505 with Security Plus. Will have to see what my situation is. I might get most of the equipment from my employer but considering that our company is in the process of merging with a bigger ISP I am not quite sure what my role/situation is in the coming 6 months or so. Might even be that I have to look for another employer, who knows :/

- Jouni

@Jouni,

perhaps this is just for the Cisco learning network forum... but here it is 

 New for 2013, each VIP has the option of receiving a Cisco certification written exam voucher of their choice.

Look under the benefits section

https://learningnetwork.cisco.com/community/about?tab=cisco-designated-vips

Ah crap!  just read through it again properly...*DOH!  exam voucher...  I really need to stop reading through articles so fast

--
Please remember to select a correct answer and rate helpful posts

Ah ****!  just read through it again properly...*DOH!  exam voucher...  I really need to stop reading through articles so fast

And getting a certification without the test would violate any credibility of that examination. And Jouni has already passed the free written exam for being a VIP (while I still have to do my test ... )

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Yes, multiple context-mode is on the exam but I question if it's worth the money to spend on because it's only a very small part of it. But for sure, that point is missing in the differences. And also the 5510 has to be SecPlus, not only because of contexts which are not supported in the Base license, but also for failover which is also missing in the Base-license.

And for IPS, should be a module in the ASA or at least the 4240 sensor. The course and exam is mainly based on the appliance, but most of the stuff can also be practiced with the AIP-SSM.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

So would you say 2 5505's is enough to get through the CCNP exam or most of it etc?

I'm thinking of buying 2 5505's and renting rack time with 2 5510's to complete things that the 5505 does not support.

Would that be something that works?

If you want to mix your own lab and a rented lab, then I would only buy one 5505 SecPlus and use that for some time (or even in general) as your main internet-gateway. Failover and contexts can then be practiced on the rented lab.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Nightwolf_82
Level 1

Hi guys.

From what was already written I realize that 2x5510 + 1 IPS is a must.

And what about the quantity of routers and switches for CCNP Security lab? 

Aakim, I don't think much of this applies to the new ccnp security exam anymore. New exam topics:

https://learningnetwork.cisco.com/community/certifications/ccnpsecurity/syllabus
