Well I guess the real answer is what you would rather focus on.
It may be easier to exclude some courses, unless of course that is exactly what you want to attend.
I would avoid the VPN concentrator class. Nothing wrong with it, the VPN concentrator looks like it has migrated into the ASA appliance. The only downfall of the VPN concentrator to this day is it does not handle SSL tunnels really well. With the right code 4.7? or 4.71?, SSL tunnels are possible, but the performance of the box plummets (which is why the functions were migrated to the ASA?). The only downfall with SSL tunnels (beyond 2) on the ASA, well, that requires an additional license. I hate networking products that run based on per IP licenses and such.
I would avoid the PIX only class. If firewalls are your thing, attend the PIX/ASA class, several good reasons for this. Some networks may not have the whole of the security suite running, but it will have a firewall (hopefully a PIX or ASA). Knowing the PDM or better yet VMS solution integration is significantly more useful.
The IPS 5.1 class is what I would reccomend. The only thing I dislike about the IPS 5.x platform is there needs to be a certification for anyone who actually understands the licensing. If you can understand the information about IP packets in this class, you all ready understand firewalls. The only thing I disliked was this class did not cover IDSM-2 in-line really well. Sure it was discussed, but at a very high level. Working/actuall configs were tough to come by.
The replacement for the VPN concentrator class, Host intrusion is probably one of the best products I have seen. I have yet to set a demo up for a client who didn't say "those programs are running on my host?" or "I could do without this.". There are two real good Cisco Press titles on this subject. As opposed to the class, I would set up a VMS server (or CSA MC 5.1 on a box NOT running CiscoWorks) and running the demo will sell this solution most anywhere. Knowing how to set this up will keep you employed for some time to come (in my opinion)
SND - Securing Network Devices, in my opinion is more of a general overview of security devices throughout your network and security design as opposed to specific configuration of any of the devices.
SNRS - Securing Networks with Cisco Routers and Switches goes into depth on specific security configurations on routers and switches. Some of which is irreplaceable in today's networks.
All of the classes have their uses and would be good. If you can only attend one class, that is a tough choice in the security realm. Security isn't just in one place, it is throughout the network.
I agree completely.. I am currently preparing my CCIE security based upon the CCSP courses (and experience of course). But there is one course that you might consider as well, If it's still available..
And that is the Safe training (Cisco SAFE Implementation, CSI).
It goes in detail about the Cisco Safe white papers and touches all technologies briefly in the labs.. As you said, security is throughout the whole network, and CSI basically tells you the different design options and what remedies what attacks. The lab is quite extensively as it covers most (except the NAC and it uses IDS not IPS) security devices and options.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :