  1. Junior Member Registered Member
    Join Date
    Sep 2014
    Posts
    3

    Certifications
    RHCE, CCNP:R&S, JNCIS:SEC
    #1

    New NP:SEC lab advice

    I'm getting ready to refresh my 2013 NP:R&S lab to prepare for NP:SEC. Need some advice on my plan.

    Past NP:SEC seemed to point at 1 or 2x 5510s and 1x IPS appliance. I'm debating on buying a new 5506-X although that will blow a good chunk of my lab budget. I work on tons of ASAs at work but most of them are in production. Could someone provide some guidance on what a contemporary NP:SEC lab topology would look like? At the moment, I am leaning towards 1x 5510, 1x 5506-X and no IPS appliance in concert with my NP:R&S lab (2x 1841, 2x 3560, 3x 2950). On the software side, I understand I'll probably also need to run an ISE OVF but nothing else software-wise.

  3. Senior Member
    Join Date
    Sep 2013
    Location
    Sweden
    Posts
    861

    Certifications
    CCNP
    #2
    Check out the ASAv before buying hardware.
    Cisco Adaptive Security Virtual Appliance (ASAv) - Products & Services - Cisco

    I don't know if it's available as a demo at this point, but it's supposed to be added to VIRL soon.

  4. Senior Member
    Join Date
    Nov 2010
    Location
    Maryland
    Posts
    780

    Certifications
    A+, Net+, Sec+, CCNA, CCNP, CCDP, CISSP, CISM, CISA, CEH, MCSE 2003, MCTIP 2008, Bachelor of Science IT
    #3
    Bump. I have a VIRL license that's been collecting dust so I'd like to hear if using two ASAvs and using the IPS simulator will be all that's needed?

    Edit: Of course you can just use your CCO to download ASAv (unlicensed) and use VM Workstation to lab up versus all the kludge of VIRL.

    Throw in other firewalls and get crazy!!
    Last edited by spiderjericho; 04-01-2015 at 02:41 AM.

  5. Connection Overlord f0rgiv3n's Avatar
    Join Date
    May 2008
    Posts
    578

    Certifications
    A+, N+, S+, MCSA(2k3), CCNA, CCNA Security, CCNP, JNCIA+JNCIS-Sec(expired), CISSP
    #4
    GNS3 can emulate ASAs as well. I used it for my last exam, the 300-206. Just a heads up on the NP:Sec: the materials are STILL not out, so that might sway what your lab might need to include. If it was me, I would wait till the materials are out so I could know exactly what I need.

  6. Junior Member Registered Member
    Join Date
    Sep 2014
    Posts
    3

    Certifications
    RHCE, CCNP:R&S, JNCIS:SEC
    #5
    Based on what I can see, it won't be until later this year that all of the books are out. SISAS OCG is coming out in the next month or so. The problem for me is that this is a cert I need to start now. I've got an ISE deployment at work that I can jump into that will catalyze perfectly with this certification. I can't find O'Reilly rough cuts for anything but SISAS at the moment. VIRL looks exciting too (hadn't seen it before) but how could I connect an ISE VM with a couple of remote ASAs for 802.1x stuff, etc.? Not sure that's possible, so it seems like all of this would need to be in one rack. A VAR 3xCCIE who I was locked in a conference room with all day yesterday said that Sourcefire is changing Cisco security massively. I guess the next CCNP:SEC will include my Firepower/Sourcefire stuff? Feels kinda like this track, even though it's so new-ish, will be a bit of a throw-away.

  7. Connection Overlord f0rgiv3n's Avatar
    Join Date
    May 2008
    Posts
    578

    Certifications
    A+, N+, S+, MCSA(2k3), CCNA, CCNA Security, CCNP, JNCIA+JNCIS-Sec(expired), CISSP
    #6
    Yeah, I agree that the CCNP:Sec track will be changing due to Sourcefire. You could totally go for the CCNP:Sec exams now even though the materials aren't out, just be ready to take the exams multiple times. The blueprints don't necessarily give you enough to go on to pass. That was my experience with SENSS.

  8. user.Status = "Learning";
    Join Date
    Sep 2005
    Location
    Server Room
    Posts
    317

    Certifications
    MCSE Server 2012, MCSE CP&I
    #7
    CBT Nuggets has all of the video series out now except for the 300-207. I'm not sure when that one will be available as it's not even in their "in progress" list. May not be ideal, but it would provide hopefully some info about the new exams.

    I'll be graduating in a couple of months and after I do I plan on beginning work on updating all of my CCNA level certs to CCNP. I used GNS3 for my CCNA-Sec but found as most do that touching the physical gear seems to make the process better. Here's what I've got to go towards my CCNP-RS and CCNP-Sec studies:

    4 - 1841 (384MB-D/64MB-F)
    2 - 2821 (1GB-D/256MB-F)
    1 - 871 (?/?)
    1 - 871 Wireless (?/?)
    2 - 2960 24pt
    2 - 3750 24pt PoE
    2 - ASA 5520
    1 - ASA 5505
    1 - 4260 IPS

    The two 871's and the 5505 were given to me, and while they aren't incredibly useful, the wireless function is nice to have so I can roam to a different room when my legs go numb from sitting down for hours on end. I may need to add a couple more switches and might do another 4240 or 4260 for one of the "branch" office configurations, but I'm hoping this will suffice for the changes made in the CCNP certs I'm after.

    Also I have two servers running 2012 R2 that I use as Hyper-V hosts, I can get about 6 VMs on each box to give the network configs actual traffic to work with.

    Any thoughts/ideas/criticism?
    Last edited by GSXR750K2; 04-23-2015 at 02:58 PM. Reason: My coffee is still kicking in.

  9. Senior Member
    Join Date
    Jan 2013
    Location
    Florida
    Posts
    1,321

    Certifications
    CCNP: R&S, CIW: Web Foundations; MCTS: Active Directory; MCP: 2000 Professional; CNA: NetWare 5; CompTIA A+
    #8
    ASAv. Is this basically an ASA version of the CSR-1000V? I would love to be able to virtualize an ASA or two on my VMware ESXi server(s).

    [EDIT] Scratch that thought...it requires a service contract, though I have no idea what [device the contract would be] for.

    [EDIT] Found something called ASA-1000V which doesn't require a service contract. It only goes up to ASA OS 8.7.1, whereas the ASAv goes up to ASA OS 9.4.1.
    Last edited by theodoxa; 04-23-2015 at 05:26 PM.
